20 jili casino online login registration,Dbx casino real money philippines.Recharge Every day and Get Bonus up-to 50%!

(@simanonok)

Installed Membership 2 Free last December and used it to protect a PDF file so that only members could download it. Worked like a charm for a long time. Then suddenly it stopped working and only showed the ‘Forbidden’ error for logged-in users. After lots of somewhat random diddling around without success, finally arrived at this set of conditions for testing: Cacheing OFF at Cloudflare.com which handles my DNS and also OFF through my hosting provider’s Cpanel; no cacheing WordPress plugins are being used. Used two test machines, one running Windows 7 and the other Windows 10 (no differences in any responses between them were ever noticed); used Chrome’s Incognito Window feature to test the pasted-in link to the PDF as a non-logged-in user. All WordPress plugins are updated, my two test computers scanned for viruses using AVG Free and found clean. Performed a global reset to default of all the site’s file permissions twice through my hosting provider’s Cpanel, with no noticeable effects, the Linux permission on the PDF is -rw-r–r– and the permission on all containing subdirectories is the same: drwxr-r-xr-x. These are the contents of wp-content/uploads/.htaccess:

## Membership 2 - Media Protection ##
Options -Indexes
Deny from all
<FilesMatch '\.(jpg|jpeg|png|gif|mp3)$'>
Order Allow,Deny
Allow from all
</FilesMatch>
## Membership 2 - End ##

The 'Link to the page you need help with' is to the relevant PDF file which should of course always show the Forbidden error for non-logged-in users.  Feel free to create an account on the homepage of https://nukewar.info, validate your email, and see if you are then allowed to download the PDF titled 'Antinuclear Nutrition' from the Account page after you login.  Turning OFF the Media Protection slider switch found on the upper right corner of the Media Protection popup on the Membership Add-ons page makes the PDF instantly accessible to both logged-in and non-logged-in users, pretty well identifying the culprit as Membership 2.  Changing to any of the three Protection Methods on the popup where that switch is also found does absolutely nothing, the default link is always produced (I am assuming that function was once called “Mask download URL” as described by user Nik (@nikbond) who reported similar but not identical problems with Media Protection a year ago, as I do not find the words “Mask download URL” anywhere in the current version of Membership 2).  The strangest behavior of all was noticed at one point when the PDF file briefly became accessible to non-logged-in users but was still Forbidden for logged-in users!  It didn't stay that way for very long though, and nothing was changed on the site, my browser, or on Cloudflare other than refreshing the page for the logged-in user and the non-logged-in user in an Incognito window.  After two or three refreshes of each, the original bad behavior of not working for either returned.  

Some potentially relevant data:

System Overview
===============
WP Version: 5.1.1
PHP Version: 7.3.0
Database Version: 10.2.17-MariaDB
Client IP Address: ***redacted***
Server IP Address: ***redacted***
Server Load: 6.64, 7.45, 7.53
Server Load Average: 7.207
PHP Memory Usage: 8% (42.47M of 512M)

WordPress Info
==============
WP Version: 5.1.1
Active Theme: Twenty Sixteen, Version 1.5
WP Memory Limit: 40 MB
WP Remote Post: Enabled
WP Debug Mode: Disabled
WP Debug Log: Disabled
WP Debug Display: Enabled
WP Debug Script: Disabled
Query Logging: Enabled
Disallow File Edit: Disabled
Allow Core Auto Update: Disabled
WP DB Hostname: localhost
WP DB Name: ***redacted***
Active Plugins: 16
WP Language: English / en_US
Advanced Caching: Disabled
External Object Cache: Disabled
WordPress Time: 2019-04-12 23:20:08
Update Method: Direct access allowed

Client Info
===========
Platform: Windows 7 : 64 bit
Browser: Chrome
IP Address: ***redacted***
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Hostname: ***redacted***
Client Port: 55063

Server Info
============
OS/Server: Linux ***redacted*** 3.10.0-714.10.2.lve1.5.19.3.el7.x86_64 #1 SMP Tue Aug 7 21:33:29 EDT 2018 x86_64
Server Software: Apache
Server Version: 64Bit
Server Address: 31.170.161.38
Server Port: 80
Document Root: /home/***redacted***/public_html
Server Name: nukewar.info
Server Load: 6.64, 7.45, 7.53
Load Average: 7.207
Server Signature: Disabled
Apache Modules: mod_rewrite, mod_mime, mod_headers, mod_expires, mod_auth_basic
Server Protocol: HTTP/1.1
HTTP Connection: Keep-Alive
Server Gateway: n/a
Server Time: 2019-04-13 03:20:08

Database Info
=============
Database: MariaDB Server
Version: 10.2.17-MariaDB
Uptime: 67 days, 13 hours, 0 minutes, 20 seconds
Hostname: us-imm-web136.main-hosting.eu
Charset: utf8

PHP Info
========
PHP Version: 7.3.0
Zend Engine: 3.3.0-dev
PHP Memory Limit (runtime / server): 512M / 512M
PHP Memory Usage: 8% (42.8M of 512M)
PHP Peak Memory Usage: 44.5M
PHP Post Max Size: 256M
PHP Upload Max File Size: 256M
PHP Execution Time Limit: 240s
PHP Input Time Limit: 240s
PHP Max Input Vars: 1000
PHP Include Path: /home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/archive_tar:/home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/console_getopt:/home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/http_request2:/home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/mail_mime:/home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/mail_mime-decode:/home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/net_url2:/home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/pear-core-minimal/src:/home/***redacted***/public_html/wp-content/plugins/backwpup/vendor/pear/pear_exception:.:/opt/alt/php73/usr/share/pear
PHP Allow URL File Open: Enabled
PHP File Uploads: Enabled
Session: Enabled
Session Name: PHPSESSID
Cookie Path: /
Save Path: /opt/alt/php73/var/lib/php/session
Use Cookies: Enabled
Use Only Cookies: Enabled
Loaded Extensions: Core, date, libxml, openssl, pcre, sqlite3, zlib, bz2, calendar, ctype, curl, hash, filter, ftp, gettext, gmp, SPL, iconv, pcntl, readline, Reflection, session, standard, shmop, SimpleXML, mbstring, tokenizer, xml, litespeed, PDO, pdo_mysql, fileinfo, wddx, sysvsem, bcmath, Phar, xmlwriter, redis, sockets, json, igbinary, exif, sysvshm, sysvmsg, mysqli, dom, mysqlnd, pdo_sqlite, xmlreader, posix, xsl
open_basedir:
fsockopen: Enabled
cURL: Enabled
SOAP Client: Disabled
Short Open Tag: Enabled

Security Info
=============
Register Globals: Disabled
Safe Mode: Disabled
Display Errors: Disabled
allow_url_include: Disabled
allow_url_fopen: Enabled
Magic Quotes: Disabled
Server Signature: Disabled
WP Unique Keys: Enabled
mod_security: Disabled
open_basedir: Disabled
upload_tmp_dir: /tmp
expose_php: Enabled

This topic was modified 5 years, 7 months ago by simanonok. Reason: added 'Free' for clarity
This topic was modified 5 years, 7 months ago by Jan Dembowski.

The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Support Predrag – WPMU DEV Support
(@wpmudev-support1)

5 years, 7 months ago
Hi @simanonok,

Hope you’re doing well.

Can you tell me where that .htaccess rule commented with ## Membership 2 – Media Protection ## comes from?

Membership 2 doesn’t use .htaccess rules to protect media files and it doesn’t protect direct URL, it will mask your media file URL and protect then that masked URL, the file will still be available via direct link.

The error you are seeing is coming from the .htaccess rule that you are using:
```
## Membership 2 - Media Protection ##
Options -Indexes
Deny from all
<FilesMatch '\.(jpg|jpeg|png|gif|mp3)$'>
Order Allow,Deny
Allow from all
</FilesMatch>
## Membership 2 - End ##
```
But that code shouldn’t be added by Membership 2 plugin.

Cheers,
Predrag
Thread Starter simanonok
(@simanonok)

5 years, 7 months ago

Hi Predrag,

Thanks for looking at this, but perhaps you are confusing Membership 2 with another plugin?

The page at https://nukewar.info/wp-admin/admin.php?page=membership2-settings&tab=media (Advanced Media Protection) says this, more or less (wish I could paste a screenshot):

Protect uploaded files
Prevent direct access to your uploaded media files

Only allow direct access to the following file extensions.
jpg,jpeg,png,gif,mp3

We will place .htaccess file into the /wp-content/uploads/ folder to prevent direct access to files other than those defined. Each change in the files needs the htaccess file updated

… Then there’s an ‘Update htaccess’ button below.

You can delete or rename the .htaccess file in that location and pressing the button on this page will recreate it.
Plugin Support Predrag – WPMU DEV Support
(@wpmudev-support1)

5 years, 7 months ago
Hi @simanonok,

You’re right, Advanced Media Protection completely slipped my mind, sorry about that, looks like I need more coffee in me ??

So in Advanced Media Protection, you can set the extensions that you want to be accessible.
And from what I see in your .htaccess rules the PDF is not on the list.

Go to Membership 2 > Settings > Advanced Media Protection and in your allowed file list add PDF so it looks like this:
https://monosnap.com/file/mohI37VgIjRtv0IyqqXYzGxdeVMHhX

Or you can update your wp-content/uploads/.htaccess to look like this:
```
## Membership 2 - Media Protection ##
Options -Indexes
Deny from all
<FilesMatch '\.(jpg|jpeg|png|gif|mp3|pdf)$'>
Order Allow,Deny
Allow from all
</FilesMatch>
## Membership 2 - End ##
```
Once the PDF is in the allowed list everything should be fine.

Cheers,
Predrag
Thread Starter simanonok
(@simanonok)

5 years, 7 months ago

Thanks for the idea, but it doesn’t work. What happens when I add ‘pdf’ to the list under Advanced Media Protection, the PDF file then becomes available to anyone with the URL, exactly the result NOT desired.

Close inspection on that settings page shows that it says “Only allow direct access to the following file extensions”, just above the form box where you construct the list. In other words, anything NOT on that list is supposed to be protected. Sorta counterintuitive way to do it but that’s the way it is.

Any other ideas?

Plugin Support Amin – WPMU DEV Support
(@wpmudev-support2)

5 years, 7 months ago

Hello @simanonok ,

If you want to allow to download these files for your members you need to use a different method.
Advanced protection disallows access when the full path to file is used. And with PDF this is the case when you have to download it.
You need to use “Protect Individual Media files ” instead of the “Advanced Media Protection “.

kind regards,
Kasia

Thread Starter simanonok
(@simanonok)

5 years, 7 months ago

Thank you for your suggestions, but nothing works anymore to enable content protection. Not Advanced Media Files, not Protect Individual Media Files, not even URL protection. Not only that, but even when all protection has been shut off it is necessary to go into /public_html/wp-content/uploads/ and delete or rename the .htaccess file in order to even gain access to the ‘unprotected’ PDF file, Membership 2 does not even take care of that anymore. I have deactivated every plugin that’s even remotely unnecessary and the only plugin deactivation that makes the PDF file accessible again is the Membership 2 plugin, AND I still have to delete or rename .htaccess in /public_html/wp-content/uploads/.

Strange how content protection used to work fine but nothing at all will make it work now.

I am going to have to either A) use another membership plugin with content protection or B) try to use Membership 2 with a separate plugin that only does content protection. Can you recommend what you think might be the best options for BOTH A) and B)?

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Media Protection Instability’ is closed to new replies.