How set privacy for asset URLs

  • I run a website with a public section and a members section. The members section is hidden by setting the visibility of that set of pages to ‘private’, and requiring a login to see them.

    But I’ve realised that uploaded assets – newsletter pdfs etc – are visible to the public by entering the direct URL.

    How can I make the assets themselves private?

Viewing 1 replies (of 1 total)

  • I think what you’d do is put the following in the root assets folder’s .htaccess:

    RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg|pdf)$ - [F]

    You could add additional file extensions if you have other types of files you want to protect.

    That should return a 403 Forbidden error if you try to browse to the files directly, but should allow them to be displayed on the site.

Viewing 1 replies (of 1 total)
  • The topic ‘How set privacy for asset URLs’ is closed to new replies.

Tags