Deny http access to a directory, allow access from WordPress plugin

Posted by luke on Stack Overflow See other posts from Stack Overflow or by luke
Published on 2010-05-20T15:01:25Z Indexed on 2010/05/20 15:10 UTC
Read the original article Hit count: 192

Filed under:

.htaccess

|

wordpress-plugin

|

security

Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser.

However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work.

Trying

Order Allow,Deny Deny from all Allow from all

but the download links do not now work... even though (I think) they are links produced by the script e.g.

http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf

Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.'

However, if someone knows the URL where the file was uploaded

http://www.site.com/wp-content/uploads/folder/something.pdf

they can still access it directly.

I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped!

Thanks for any help.

© Stack Overflow or respective owner

Related posts about .htaccess

Seeking htaccess help: Converting multiple subdomains (both http and https) to www.domain.com using .htaccess

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've been trying to get an answer to this question on other forums (the folks at SuperUser thought this was the place I needed to post) and via my connections, but I haven't gotten very far. Hopefully you guys can help me find an answer: I've got a dozen old subdomains that have been indexed by Google… >>> More
Disable .htaccess or disable some rules from .htaccess on specific URL

as seen on Server Fault - Search for 'Server Fault'
I have Kerberos-based authentication and I want to disable it on only root url: mysite.com/. And I want it to works fine on any other page like mysite.com/page1. I have such things in my .htaccess: AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab… >>> More
.htaccess Permission denied. Unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
Hi, I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check… >>> More
.htaccess Permission denied. Unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check htaccess… >>> More
Permission denied: /home/.htaccess pcfg_openfile: unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
This domain was working this morning, now I get a 403 error and the message above in my error log. I'm not using .htaccess files but I have been doing some copy on the server so may have messed things up but no changes to this domain (unless by accident!). What is this pcfg_openfile thing anyway? Done… >>> More

Related posts about wordpress-plugin

Need help with wp_rewrite in a WordPress Plugin

as seen on Stack Overflow - Search for 'Stack Overflow'
Ok, I've got this code that I've been using to spit out news to an application of mine. It was working until today. I've cutout all the logic in the following code to make it simpiler. But it should "WORK" Can someone help me fix this code to where it works, and is done right? I know it's hacked… >>> More
Wordpress plugin help

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, On my wordpress site, I am hoping that I would be able to set up a page that only allows the users to access it if the member is logged in. I still need the link to be available in the navigation but for it to check if the user is signed in... I have been searching for about an hour and… >>> More
wordpress plugin "gd star rating", rate from list

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I have been using GD Star Rating plugin for a while now. I need my blog to allow users to rank posts, from a list of posts. I have One page which lists all posts. And I need to be able to rank each post from the list. I created a template and I am using [starrating template_id=45]. I need this… >>> More
Create custom rewrite rule for my WordPress plugin

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm writing a plug-in for WordPress which in fact will be a separate ordering module (it will be placed in an IFRAME on the site I'm developing as well as others) but with its admin tied into WordPress. I wrote the administration part without too much hassle, however I'm having trouble with the front-end… >>> More
Wordpress plugin to track logged users activity

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello. I need a Wordpress plugin to let me see any logged user's activity. I need to know what the user accessed from when he logged in. Any suggestions ? Thanks. >>> More