htaccess conflict

  • jcibme

    (@jcibme)


    5 years, 8 months ago

    I have used BuddyPress Doc for awhile now and it has always worked great but less than a week ago it is having a conflict problem with WP htaccess file. Message reads: Your BuddyPress Docs attachments directory is publicly accessible. Doc attachments will not be properly protected from direct viewing, even if the parent Docs are non-public.

    It looks like you are running Apache. The most likely cause of your problem is that the AllowOverride directive has been disabled, either globally (httpd.conf) or in a VirtualHost definition. Contact your host for assistance.
    I have tried this work around:
    https://community.bitnami.com/t/bitnami-wordpress-your-buddypress-docs-attachments-directory-is-publicly-accessible/64597/11
    only I customized it per host directory that I am using and it crashed the site. Both the .htaccess and the doc htaccess are both setup to rewrite but I think the issue might be the site uses:
    Paid Memberships Pro
    Paid Memberships Pro – BuddyPress Add On
    Paid Memberships Pro – WooCommerce Add On
    So I think there is a conflict with the paid plugins since all pages cannot be public access without a paid membership.
    How do I correct this error?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author David Cavins

    (@dcavins)

    5 years, 8 months ago

    Hello @jcibme,

    First, that Bitnami thread offers bad advice in my opinion, essentially saying: Sure your setup is not working as intended but you can hide the error message with this bit of code.

    What is supposed to be happening in BP Docs is that our attachments are stored in directories like /wp-content/uploads/bp-attachments/{doc_id}/

    When a doc is set to have limited access, an htaccess file is created in that directory to prevent direct access via the url your site.com/wp-content/uploads/bp-attachments/{doc_id}/{file_name} . For instance, if a doc with the id of 7 is not public, then, in/wp-content/uploads/bp-attachments/7/, BP Docs will attempt to create an htaccess file with the contents:

    # BEGIN BuddyPress Docs
# The directives (lines) between <code>BEGIN BuddyPress Docs</code> and <code>END BuddyPress Docs</code> are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
RewriteEngine On
RewriteBase /
RewriteRule (.+) ?bp-attachment=$1 [R=302,NC]
# END BuddyPress Docs

    This htaccess file should be respected because it is the most specific to the files in that folder (that’s what AllowOverride means). However, I have no idea how Paid Memberships Pro prevents access to pages/content/attachments. So, if you are seeing the correct htaccess files in your attachments folders, I’d guess you’ll need to learn more about how Paid Memberships Pro works and resolve the issue from that angle.

    Best,

    David

    Thread Starter jcibme

    (@jcibme)

    5 years, 8 months ago

    Hi David,
    Thank you for the information. I did find that allowing the members to attach to a doc they created was the reason. I disabled the function on BuddyPress Doc and the error is gone. I think for security reasons it is best at this time to keep it disabled. Again thank you for the quick response.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘htaccess conflict’ is closed to new replies.