Reputation: 237
Deny http access to a directory, allow access from WordPress plugin
Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser.
However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work.
Trying
Order Allow,Deny Deny from all http://www.site.com/wp-content/plugins/download-monitor/download.php"> Allow from all
but the download links do not now work... even though (I think) they are links produced by the script e.g.
http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf
Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.'
However, if someone knows the URL where the file was uploaded
http://www.site.com/wp-content/uploads/folder/something.pdf
they can still access it directly.
I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped!
Thanks for any help.
Upvotes: 0
Views: 2000
Answers (1)
Reputation: 152266
You cannot set Deny in .htaccess because your WordPress and a standard file request has the same server user - www-data/apache/http/or something.
You can for example sat folder's chmod to 700 and it will allow access for script but not for direct file call.
And accept your recent questions.
Upvotes: 0
Related Questions
- htaccess - Block access to a directory but allow access to files in a specific directory
- PHP protect directory from direct URL access
- .htaccess to deny directory access
- Deny access to directory files via browser with htaccess
- Deny direct access to folder from URL
- Deny direct access to files in folder
- htaccess - Allow directory access for specific url
- "Deny from all" but still allow WordPress to access files?
- Block direct access to directory with .htaccess file
- restrict access with htaccess in web server