Protect files | ww.wp.xz.cn

C. Koomen
(@c-koomen)

12 years, 6 months ago

Hi,

A directory in my website folder (in Ubuntu) is being shared using Smallerik File Browser. It is necessary to be logged in to download files. This should protect the files from non-members. The problem is that non-members could just go to the http://www.website.com/folder to see a all files listed. They can also download the files. That is not how it should be.

Is it possible to protect the files so one can only download files if he is logged in?

Kind regards,
Cor

http://ww.wp.xz.cn/plugins/smallerik-file-browser/

Viewing 2 replies - 1 through 2 (of 2 total)

kayceedub
(@kayceedub)

12 years, 4 months ago
If you have access to your apache config, you can add a “deny from all” directive to prevent http access directly to the folder. So it would look something like this:
```
<Directory /var/www/yoursite.com/htdocs/wp-file-browser-top>
    deny from all
</Directory>
```
You should also be able to do this in .htaccess.
kayceedub
(@kayceedub)

12 years, 4 months ago

Also, I just noticed — in the config for Smallerik, you can actually set the path for where the files are located to outside the web root:

Setting the default path outside of the web root altogether increases security as the files will not be reachable using a web browser outside the scope of this plugin.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Protect files’ is closed to new replies.

2 replies
2 participants
Last reply from: kayceedub
Last activity: 12 years, 4 months ago
Status: not resolved