Nginx Folder permission for images folder

December 14, 2014 6k views

Hi,

I have a PHP web application on my nginx server (Ubuntu). I have a folder called passports. I store passport images in that folder using a PHP upload page. I want to block access to that folder so that no one can go to:

http://mysite.com/images/passports/johnDoe'sPassport.jpeg

and look at the passports, but at the same time my PHP file can upload to it and can get the link of the image within the application.

Please advise.

1 Answer

PHP accesses the images through the filesystem, so if you block HTTP requests to /images/passports, you can block user access to that folder while still allowing PHP to access it.

Edit your nginx server block config and add the following lines:

location /images/passports {
    deny all;
}

Then, reload Nginx so that the changes take effect:

sudo service nginx reload
  • Hi,
    Can you please advise more? Sorry, I am not that good with server blocks.

    1. Do you mean that I have to go to etc/nginx/nginx.conf and add the code that you told me to the server block? I have a block which is events{} and the other one is http{}

    2. The location starts from the website root or the server root? because my website files are in:
      /usr/share/nginx/html/

    Please advise.

    Thanks

  • Do you mean that I have to go to etc/nginx/nginx.conf and add the code that you told me to the server block? I have a block which is events{} and the other one is http{}

    If you haven't added any virtual hosts yourself, the default server block would be stored in /etc/nginx/sites-enabled/default, so edit that file and add the location block after server_name or any other location block (anywhere works, as long as it's inside the first server{} block).

    The location starts from the website root or the server root? because my website files are in: /usr/share/nginx/html/

    The location is relative to the website so it should just be /images/passports and not /usr/share/nginx/html/images/passports.

  • Sorry for that, but last question:
    I have default in the sites-enabled/ directory, but because I am using WordPress' permalinks, I will add another host file called wp in this directory to have the code for enabling the permalinks in it.
    Does that mean that I have to add the code you told me in the wp file?

  • You should have only one file in sites-enabled/ per website, so the permalink settings should go into default as well.

  • Thanks! That solved the problem.
    Just one more thing. Now PHP can check the images if they exist, but HTTP access is blocked, which is exactly what I want.

    Can I view the images using PHP? I mean, with this approach, what is the way to view the images securely? I know that this is a PHP question, but if you refer me to the subject, I will do my research about it and fix it myself.

    Thanks a lot.

    Amin

  • Yes, you can serve an image via a PHP script. Something like this should work:

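    <?php
    // Path on disk; nginx denies direct HTTP access to this folder
    $path = './images/passports/some-image.png';

    // Detect the image type; stop with a 404 if the file is missing or is not an image
    $imageType = is_file($path) ? exif_imagetype($path) : false;
    if ($imageType === false) {
        http_response_code(404);
        exit;
    }

    // Set some HTTP headers
    header('Content-Type: ' . image_type_to_mime_type($imageType));
    header('Content-Length: ' . filesize($path));

    // Serve the image
    readfile($path);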
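
A version of the script above that takes the image name from the request, as an added example that is not part of the original thread or written by its participants. It goes beyond the hard-coded path: it requires an authorized session, confines the requested name to the passports folder, and serves only real JPEG/PNG content. The `file` query parameter and the `can_view_passports` session key are assumptions standing in for whatever the application's own login sets; the directory is the web root mentioned in the thread plus /images/passports.

```php
<?php
// Added example (not from the thread). Assumed names: the "file" query
// parameter and the session key "can_view_passports".
declare(strict_types=1);

// Directory that nginx denies over HTTP; PHP reads it via the filesystem.
const PASSPORT_DIR = '/usr/share/nginx/html/images/passports';

// Map a user-supplied name to a real file inside $baseDir, or null.
function resolvePassportPath(string $baseDir, string $requested): ?string
{
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename($requested);
    if ($name === '' || $name[0] === '.') {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    // realpath() resolves symlinks; the result must still be under the base dir.
    if ($base === false || $real === false || !is_file($real)
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

session_start();
// Authorization: only sessions the application marked as allowed get the file.
if (empty($_SESSION['can_view_passports'])) {
    http_response_code(403);
    exit;
}

$file = $_GET['file'] ?? '';
$path = is_string($file) ? resolvePassportPath(PASSPORT_DIR, $file) : null;
// Accept only real JPEG or PNG content, whatever the file extension says.
$type = $path === null ? false : exif_imagetype($path);
if ($type !== IMAGETYPE_JPEG && $type !== IMAGETYPE_PNG) {
    http_response_code(404);
    exit;
}

header('Content-Type: ' . image_type_to_mime_type($type));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');   // no MIME sniffing by the browser
header('Cache-Control: private, no-store');  // keep copies out of shared caches
readfile($path);
```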
    