Prevent access from backend

  • Resolved tsowter

    (@tsowter)


    2 years, 4 months ago

    This plug in works very well and I love the fact that you can have different access for different user types. However, how do I prevent access from people accessing the links directly? If there are files from a particular user which are restricted, if the link to that file gets out, anyone can access the link regardless of permissions just going to the link address.
    I’ve tried restricting access via .htaccess, but that restricts access even through File Manager.
    How do I configure it so access is only through file manager and not directly?
    Tony

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author modalweb

    (@modalweb)

    You can put a .htaccess file in that folder that contains just:

    deny from all

    That way you cannot open or access any file from direct link.

    or

    You can simply check the option “Hide File Path on Preview ?” from file manager’s settings.

    I use following content in .htaccess – so I can preview pdfs

    # File Access Restricter
RewriteEngine On
# 1) If NOT the current host
RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://\1/.*
# 2) Deny access to these types
RewriteRule \.(gif|jpg|jpeg|png|tif|pdf|doc|docx|xls|txt|svg|psd|eps|mp4|zip?)$ - [F]
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Prevent access from backend’ is closed to new replies.