Alan Upstone
Forum Replies Created
-
Forum: Plugins
In reply to: [Disable Right Click For WP] Known vulnerabilities foundThis vulnerability is also warned of for all my sites hosted by Flywheel, based on https://wpscan.com/vulnerability/e4ae4efb-ed4f-48a4-a4c2-80ed9a59e468. Shame as I had it on all my WP sites.
Thanks for taking the time to reply, Tony. My Flywheel support ticket is 14516689 and it might help them ‘join the dots’ to know it is a problem for more than one of us.
I was dreaming about a similar solution to yours then got up and read your post. I think Vasyl, the plugin creator, is a genuine chap and the plugins works well for us for role capability management. However, I have found by exporting and reading the AAM settings file that the things one does in the interface do not always get saved/deleted properly in the settings file. Sometimes I can edit that file and import it to cure the problem.I can get it to work on the local version, just not on Flywheel. The redirect happens, but the query string in /index.php?aam-media doesn’t seem to be recognised. I am going to try reinstalling the plugin.
I also note that Flywheel add a line to the re-write, apparently for their platform’s needs.
#rewrites for AAM plugin location ~* ^/wp-content/uploads/.*ssp.*\.pdf { rewrite (?i)^(/wp-content/uploads/.*)$ /index.php?aam-media=$1 last; <strong>include no-cache.conf;</strong> return 307; }It seems that other plugins also have problems with shared platforms too (https://preventdirectaccess.com/docs/flywheel-hosting-support/).
Would you care to contact me at https://www.helpfulconsultants.com/contact/ ? We can perhaps help each other.
I have had similar problems. I can get it to work on a local site running nginx, but not on the live remote site hosted by flywheel.
We found that everything, including CSS, was getting blocked. With help from Flywheel support, we are getting a more precise redirect. In our case, we just want to affect PDFs with ‘ssp’ in their filenames.
#rewrites for AAM plugin
location ~* ^/wp-content/uploads/.*ssp.*\.pdf {
rewrite (?i)^(/wp-content/uploads/.*)$ /index.php?aam-media=$1 last;
return 307;
}Note that we have an escape (\) before the file extension, i.e. \.pdf rather than just .pdf because the thumbnails generated by WordPress for the media list dashboard page for the PDFs were getting clobbered too.
A similar rewrite might work for you. I think you’d need some sort of wildcard before the .pdf in your re-write or it will just match files called .pdf – maybe .*\.pdf would work.
We are still finding that the rewrite to index.php?aam-media=sss-file.pdf is not working on nginx. It just doesn’t seem to like the aam-media query string and we get a 403 error. I note that the developer fixed an nginx bug at the last commit to v5 (in v.9.7.1). I wonder if that bug sneaked back into v6?
I submitted a help request to aamplugin.com but was told I was in position 302 and might be prioritised below people after me. Perhaps understandable given the low cost of the plugin. I’ll post an update either I get a reply.
It’s also not entirely clear if the AAM Protected Media Files plugin we have is redundant if we have the AAM plus package. Activated or deactivated does not seem to make any difference.
We tried a direct approach with https://example.com/index.php?aam-media=ssp-demo.pdf and that 403s too.
Forum: Plugins
In reply to: [Infusionsoft Gravity Forms Add-on] CURL errorStill getting this error. Tried 1.5.10 and 1.5.11. WordPress 4.01 and 4.1
‘Something is wrong. See below for details, check your settings and try again.
CURL error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Attempted: 1 time(s).’