Share

Question

Hi,

I have a PHP web application on my nginx server (Ubuntu). I have a folder called passports. I store passport images in that folder using a php upload page. I want to block access to that folder so that no one can go to:

http://mysite.com/images/passports/johnDoe'sPassport.jpeg

and look at the passports but at the same time my php file can upload to it and can get the link of the image within the application.

Please advice.

Accepted Answer

kamaln7 MOD December 14, 2014

PHP accesses the images through the filesystem, so if you block HTTP requests to /images/passports, you can block user access to that folder while still allowing PHP to access it.

Edit your nginx server block config and add the following lines:

location /images/passports {
    deny all;
}

Then, reload Nginx so that the changes take effect:

sudo service nginx reload

Reply

support795065 December 15, 2014
Hi,
Can you please advice more. Sorry I am not that much good with server block.

Do you mean that I have to go to etc/nginx/nginx.conf and add the code that you told me to the server block? I have a block which is events{} and the other one is http{}

The location starts from the website root or the server root? because my website files are in:
/usr/share/nginx/html/

Please advice.

Thanks
kamaln7 MOD December 15, 2014

Do you mean that I have to go to etc/nginx/nginx.conf and add the code that you told me to the server block? I have a block which is events{} and the other one is http{}

If you haven't added any virtual hosts yourself, the default server block would be stored in /etc/nginx/sites-enabled/default, so edit that file and add the location block after server_name or any other location block (anywhere works, as long as it's inside the first server{} block).

The location starts from the website root or the server root? because my website files are in: /usr/share/nginx/html/

The location is relative to the website so it should just be /images/passports and not /usr/share/nginx/html/images/passports.
support795065 December 16, 2014

Sorry for that but last question:
I have default in sites-enabled/ directory but because I am using wordpress' permalink, I will add another host file called wp in this directory to have the code for enabling the permalink in it.
Does that mean that I have to add the code you told me in the wp file?
kamaln7 MOD December 16, 2014

You should have only one file in sites-enabled/ per website, so the permalink settings should go into default as well.
support795065 December 22, 2014

Thanks! That solved the problem.
Just one more thing. Now PHP can check the images if they exist but http access is blocked which is exactly what I want.

Can I view the images using PHP? I mean with this approach what is the way to view the images securely. I know that this is a php question but if you refer me to the subject that I will do my research about it and fix it my self.

Thanks a lot.

Amin

kamaln7 MOD December 22, 2014

Yes, you can serve an image via a PHP script. Something like this should work:

<?php
$path = './images/passports/some-image.png';

//get the file mimetype
$type = image_type_to_mime_type(exif_imagetype($path));

//set some HTTP headers
header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));

//serve the image
readfile($path);

Answer 2

support795065 December 15, 2014
Hi,
Can you please advice more. Sorry I am not that much good with server block.

Do you mean that I have to go to etc/nginx/nginx.conf and add the code that you told me to the server block? I have a block which is events{} and the other one is http{}

The location starts from the website root or the server root? because my website files are in:
/usr/share/nginx/html/

Please advice.

Thanks
kamaln7 MOD December 15, 2014

Do you mean that I have to go to etc/nginx/nginx.conf and add the code that you told me to the server block? I have a block which is events{} and the other one is http{}

If you haven't added any virtual hosts yourself, the default server block would be stored in /etc/nginx/sites-enabled/default, so edit that file and add the location block after server_name or any other location block (anywhere works, as long as it's inside the first server{} block).

The location starts from the website root or the server root? because my website files are in: /usr/share/nginx/html/

The location is relative to the website so it should just be /images/passports and not /usr/share/nginx/html/images/passports.
support795065 December 16, 2014

Sorry for that but last question:
I have default in sites-enabled/ directory but because I am using wordpress' permalink, I will add another host file called wp in this directory to have the code for enabling the permalink in it.
Does that mean that I have to add the code you told me in the wp file?
kamaln7 MOD December 16, 2014

You should have only one file in sites-enabled/ per website, so the permalink settings should go into default as well.
support795065 December 22, 2014

Thanks! That solved the problem.
Just one more thing. Now PHP can check the images if they exist but http access is blocked which is exactly what I want.

Can I view the images using PHP? I mean with this approach what is the way to view the images securely. I know that this is a php question but if you refer me to the subject that I will do my research about it and fix it my self.

Thanks a lot.

Amin

kamaln7 MOD December 22, 2014

Yes, you can serve an image via a PHP script. Something like this should work:

<?php
$path = './images/passports/some-image.png';

//get the file mimetype
$type = image_type_to_mime_type(exif_imagetype($path));

//set some HTTP headers
header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));

//serve the image
readfile($path);

Nginx Folder permission for images folder

Leave a Comment

Share

Share your Question

Nginx Folder permission for images folder

Leave a Comment

Almost there!

Report a Bug