Download file from FTP with X-Accel-Redirect/X-Sendfile or Force Downloads

  • Resolved Hossein

    (@hosseinkh)


    2 years, 12 months ago

    Hello
    I hope you are well!

    I try a lot but have not find a solution to have “a file as a downloadable product” without redirection method (to secure my files) from another download host.
    In fact, I want to upload my files via FTP to my DL Host, then use their link for woocommerce download link.
    After doing this, the customer cant download and systems show the file does not exist!

    How can I use woocommerce download files with an external host and FTP in a secure way?
    Regards

Viewing 8 replies - 1 through 8 (of 8 total)

  • @hosseinkh

    External links to the downloads should work correctly:
    https://docs.woocommerce.com/document/digital-downloadable-product-handling/#section-14

    Are you still having trouble with this?`

    Thread Starter Hossein

    (@hosseinkh)

    Hello
    If files uploaded to wordoress library yes. All options works fine.

    But, if files hosted on a separate host (separate download host) only the redirect method works, and the redirect method is not secure, and the real URL of files showed for customers.
    So they can use the file’s URLs and send them to others!

    It has to be secured for files that are hosted in different server or host and with X-Accel-Redirect/X-Sendfile or Force Downloads method for security reasons. (But now, it is not)

    I hope I can say the main problem ??

    Plugin Support con

    (@conschneider)

    Engineer

    Hi again!

    But, if files hosted on a separate host (separate download host) only the redirect method works,

    The problem lies in your file / URL path being broken by the download method to protect the URL. The redirect method is the only method that does not parse / modify the path for obfuscation.

    Could you check your filenames and path for spaces and special characters and remove them all. Afterwards try again.

    and the redirect method is not secure, and the real URL of files showed for customers.
    So they can use the file’s URLs and send them to others!

    That is true, but your external file system should also verify the source of the referrer. You could ask the provider to do that if they are not doing this currently so only traffic from your URL is allowed to download the files.

    Kind regards,

    Thread Starter Hossein

    (@hosseinkh)

    Hello

    The problem lies in your file / URL path being broken by the download method to protect the URL. The redirect method is the only method that does not parse / modify the path for obfuscation.
    Could you check your filenames and path for spaces and special characters and remove them all. Afterwards try again.

    the file path is as simple as possible like this :
    https://dl.domain.com/folder-name/file-name.ext

    Please, Please, check this at your side, please sell this file on a Woocommerce website as a download product:
    https://ps.w.org/woocommerce/assets/icon-128×128.png
    or any simple file address that is not located in your test Woocommerce environment.
    And only use “Redirect/X-Sendfile or Force Downloads”,
    And “Allow using redirect mode (insecure) as a last resort” must be unchecked, because we want to have a secure link only.

    After purchasing that product, and clicking on the download link you will see the error that says: “file URL not exists” or something like this.

    Kind Regards.

    Mirko P.

    (@rainfallnixfig)

    Hello @hosseinkh,

    Thanks for getting back to us!

    Is the direct link to the file working correctly? You can access the link under Product data > General > Downloadable files > File URL.

    Also, if you go to the Edit Order page can you see the product under “Downloadable product permissions”?

    If you still get the ‘File Not Found’ error you may want to have a look at the following article that explains how to fix it. Most of the time it’s because the Apache mod_xsendfile module is missing on the server.

    https://blogiestools.com/fix-woocommerce-file-not-found-error/

    Let us know if you have more questions.

    Thread Starter Hossein

    (@hosseinkh)

    Hello @rainfallnixfig

    Thank you in advance.

    It should be worked!
    Idon’t know why it is not mentioned in the settings page of woocommerce. I think it is better to mention that in there for cases like me ??

    Is it enough to install that module only on the main server?
    I mean the DL host must be untouched?
    Kind Regards

    Mirko P.

    (@rainfallnixfig)

    Hi @hosseinkh,

    Idon’t know why it is not mentioned in the settings page of woocommerce.

    This is mentioned in the “Digital/Downloadable Product Handling” page that was shared above:

    https://woocommerce.com/document/digital-downloadable-product-handling/#:~:text=This%20method%20requires%20the%20X%2DAccel%2DRedirect/X%2DSendfile%20module%20to%20be%20installed%20and%20enabled%20on%20the%20server.

    Since enabling mod_xsendfile Apache module would require root access to the server it is best that you reach out to your host that should be able to install the module for you.

    Thanks.

    Mirko P.

    (@rainfallnixfig)

    Hi there,

    We haven’t heard from you in a while, so I’m going to mark this as resolved. Feel free to start a new thread if you have any more questions.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Download file from FTP with X-Accel-Redirect/X-Sendfile or Force Downloads’ is closed to new replies.