Upload privacy not working

  • cburon

    (@cburon)


    9 years, 3 months ago

    Hello,

    I am trying to build a private site. One of the most important aspects of the site consists in the uploads, and they definitely need to be private.

    I found a very interesting topic on that here: http://wordpress.stackexchange.com/questions/37144/how-to-protect-uploads-if-user-is-not-logged-in.The thing is that this solution does not work for me, and I do not know why. For the moment, I am trying my website on my computer, with an apache server. I put my .htaccess just here:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} -s
    RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    and the dl-file.html, as given here: https://gist.github.com/1552239

    my uploads are located either just under /wp-content/uploads or in a subdirectory of this directory. I would like to know if there is a way of diagnosing, or see where the does the problem come from. I have deactivated all the plugins, in vain.

    Thanks!

Viewing 1 replies (of 1 total)
  • Thread Starter cburon

    (@cburon)

    9 years, 3 months ago

    And the culprit was… my apache config. Please do not forget to edit the apache configuration in /etc/apache2/apache2.conf and add the lines

    <Directory /var/www/html/>
    AllowOverride All
    </Directory>
    I still have a question. It seems (but it may be related to the fact that the site is still in localhost) that this method does not prevent from downloading using curl for instance. Am I right?

Viewing 1 replies (of 1 total)

The topic ‘Upload privacy not working’ is closed to new replies.