Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser.

However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work.

Trying

    Order Allow,Deny
    Deny from all
    Allow from all

but the download links do not now work... even though (I think) they are links produced by the script e.g.

http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf

Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.'

However, if someone knows the URL where the file was uploaded

http://www.site.com/wp-content/uploads/folder/something.pdf

they can still access it directly.

I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped!

Thanks for any help.

A: 

You cannot set Deny in .htaccess because your WordPress and a standard file request have the same server user - www-data/apache/http/or something.

You can, for example, set the folder's chmod to 700 and it will allow access for the script but not for a direct file call.

And accept your recent questions.

hsz
I have accepted my questions :) thanks for pointing that out. Not sure if you're saying this should have worked, but chmod 700 on the folder has not solved the problem I'm afraid.
luke
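
An added example, not part of the original posts: Apache access rules in an .htaccess file are applied to HTTP requests for files in that directory, while a PHP script that opens the same file from disk is not subject to them. The sketch below is an .htaccess for the wp-content/uploads/folder/ directory named in the question; it assumes the download script reads the file from disk and streams it itself, rather than redirecting the browser to the file's own URL (in which case the browser's follow-up request is refused like any other direct request).

```apache
# .htaccess placed in wp-content/uploads/folder/ (added example).
# Assumption: the download script reads the file from disk with PHP and
# sends it in its own response; it does not redirect to this directory.

# Apache 2.4 and later (mod_authz_core).
# Needs "AllowOverride AuthConfig" (or All) for this directory.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 and earlier (no mod_authz_core).
# Needs "AllowOverride Limit" (or All) for this directory.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# Expected result once the file is in place:
#   - a direct request for /wp-content/uploads/folder/something.pdf
#     is answered with 403 Forbidden, logged in or not;
#   - the plugin's download.php link still enforces the WordPress
#     login check and, under the assumption above, still delivers
#     the file to logged-in users.
```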