Hi
I am trying to find a consolidated guide on best practices of using htaccess with Piwigo.
Areas of interest:
* content protection - since Piwigo is file oriented, it is very important that no one can tamper with my images
* anti-hack - being a WordPress user for many years, I have become accustomed :) to being able to put some htaccess protection in place to prevent bot attacks, content stealing, and to protect critical areas.
* caching optimization
* any way to hide index.php?
* is removing ".php" in the URL supported? Ex: instead of /picture.php the URL would have /picture/?
In general, how is Piwigo graded from a security standpoint? Does anyone outside perform a security audit?
Offline
Hello
*discussed many times and the Take A Tour plugin will talk about it
*? You can put a htaccess for the admin allowing only your ip. Nothing specific to Piwigo
*Smarty is our template engine
*what?
*already discussed and available in the local configuration
Offline
flop25 wrote:
*discussed many times and the Take A Tour plugin will talk about it
Looks like what I need. Is there an extension page for it, in addition to the repo, with a description of what it is about? The forum post does not go into much detail.
flop25 wrote:
*? You can put a htaccess for the admin allowing only your ip. Nothing specific to Piwigo
Yes, I can protect the admin link, but it is not the only thing I am trying to do. There is more to it. OK, I will put it on my to-do list.
flop25 wrote:
*Smarty is our template engine
Good. Smarty can cache. I was just curious if there are any other optimizations we need to be aware of.
Is there any information on how the cache is configured for Smarty in PW?
I checked config_default.inc.php but did not find too many settings there.
For example, do I have config-level access to $smarty->cache_lifetime, etc.?
flop25 wrote:
*what?
I am referring to this URL pattern - <root>/index.php?/categories
Is there a way to hide index.php? i.e. making it <root>/categories
<root>/index.php?/best_rated -> <root>/best_rated
...
flop25 wrote:
*already discussed and available in the local configuration
Mmm, yes, you are correct, but when I put the following into the local config
$conf['gallery_url'] = 'http://mysite.com';
$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;
The last one is interesting as it requires additional settings. The comment does not provide enough guidance, as you can see from other people's posts: http://piwigo.org/forum/viewtopic.php?id=24225
In my case I would have to write some htaccess rules to resolve the situation where the server does not understand that if
http://mysite.com/index/category/1
is used, then any references within need to be treated with respect to the site root and not the "page" we are in.
Ex: <link rel="stylesheet" type="text/css" href="_data/combined/pfcwmq.css"> i.e. the combined CSS in the scenario above would not be found, as it does not refer to a fully qualified URL, nor does it use root-relative notation, i.e.
<link rel="stylesheet" type="text/css" href="/_data/combined/pfcwmq.css">
You need to realize that people coming here may not be as advanced as me and may have minimal knowledge of all the Easter eggs hidden around.
PS: I know you are trying to encourage me to read through 5 years of posts here, but direct links or a reference to some sort of FAQ on the subject would be much appreciated. :) And it would make PW migration much easier for many... unless you do not want it to happen :) which I do not think is the intent.
Offline
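The relative-reference problem described in the post above, shown as an added example (not part of the original thread and not Piwigo code): it resolves each href/src in a page fragment against the page URL and against the gallery root, and reports the ones that end up pointing somewhere else. The function names are hypothetical, and the sample HTML is constructed from the tags quoted in the post plus one absolute link.

```javascript
// Constructed sample: the two <link> tags quoted in the post plus an absolute link.
const SAMPLE_HTML = `
<link rel="stylesheet" type="text/css" href="_data/combined/pfcwmq.css">
<link rel="stylesheet" type="text/css" href="/_data/combined/pfcwmq.css">
<a href="http://mysite.com/index/category/2">next</a>
`;

// Gallery root, matching $conf['gallery_url'] in the post (trailing slash added).
const GALLERY_ROOT = 'http://mysite.com/';

// Pull href/src values out of a fragment. A simple regex is enough for
// auditing template output; it is not a full HTML parser.
function extractRefs(html) {
  const refs = [];
  const re = /\b(?:href|src)\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) refs.push(m[1]);
  return refs;
}

// Return the references that resolve differently from pageUrl than from the
// gallery root, i.e. the ones the browser would request from the wrong path.
function brokenRefs(html, pageUrl, root = GALLERY_ROOT) {
  return extractRefs(html)
    .map((ref) => ({
      ref,
      expected: new URL(ref, root).href,   // where the file really lives
      actual: new URL(ref, pageUrl).href,  // what the browser will request
    }))
    .filter((r) => r.expected !== r.actual);
}

// The default URL style keeps the path at /index.php, so relative refs still
// resolve from the root; the extension-less style adds path segments.
for (const page of [
  'http://mysite.com/index.php?/category/1',
  'http://mysite.com/index/category/1',
]) {
  const broken = brokenRefs(SAMPLE_HTML, page);
  console.log(page, '->', broken.length, 'broken reference(s)');
  for (const b of broken) console.log('  ', b.ref, 'requested as', b.actual);
}
```
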
Short answer: you can't have such URLs without a custom plugin.
PS: I never had to do anything to get the "without php_extensions" to work; as you can see, that's very server-dependent.
Offline