Prevent DIrect Access – not protecting direct access

  • Resolved rascalsailor

    (@rascalsailor)


    2 years, 4 months ago

    Hi I installed the free version of the plugin and configured a file for protection, but if I paste the protected link URL into a browser I can still get to the file.
    This is on my hosted server.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author WP Folio Team

    (@buildwps)

    Hi @rascalsailor,

    Thanks for reaching out to us.

    Don’t worry. We’ve always got your back.

    To assist you better, could you please provide us with the following information?

    1. Both?protected?and?private?URLs?of a sample?protected file.
    2. Some screenshots of your .htaccess or Nginx config file.
    3. Your hosting provider.

    You might also want to send these details to our support email – hello(at)preventdirectaccess.com so that our team can support you faster.

    Thread Starter rascalsailor

    (@rascalsailor)

    Hi Thanks for reply.
    htacces contains:

    
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

    Further: I cleared the browser cache: and I can’t access the files (just get my 404 page)
    the Protected link is:
    https://sherver.co.za/funtronics/wp-content/uploads/_pda/lm_uploads/2022/11/ER02-Day-Skipper-Exam-Report-Form-v2.0.pdf
    Private download link is:
    https://sherver.co.za/funtronics/private/63661babebe42
    Thanks Russell

    Plugin Author WP Folio Team

    (@buildwps)

    Hi Russell,

    Thanks for getting back to us.

    Our rewrite rules have been inserted correctly. Could it be a caching issue?

    We’re redirected to your 404 not found page when accessing your protected URL, which is correct.

    Can you access the file when logging in with the correct permission, Russell?

    You might also want to drop us an email at hello(at)preventdirectaccess.com so that our team can support you faster, @rascalsailor.

    Thread Starter rascalsailor

    (@rascalsailor)

    Hi, thanks for the reply.
    I can’t download the file when logged in as admin.
    It may just be my misunderstanding of the use of the plugin:
    I have downloads available on a page. Only registered client users can reach the page and download files. I wanted to prevent the files from being accessed by someone managing to copy the URL and pasting into a browser, by using the generated link.
    Possibly this is not the correct use of the plugin as the logged in user isn’t admin

    Regards
    Russell

    Plugin Author WP Folio Team

    (@buildwps)

    Hi Russell,

    Yes, you can absolutely achieve that with our plugin.

    #1. Our PDA Lite version allows you to grant protected file access to admin users and/or file authors.

    Meanwhile, our PDA Gold version allows you to grant logged-in users or even custom roles access to your protected files.

    Are your users required to log in to your site before downloading files, Russell?

    #2. Just to clarify, upon protection, all your files will be moved to our protected (_pda) folder. Original (aka unprotected) URLs will return 404 by default.

    So if you already embedded your files into content before protecting them, you’d need to replace the unprotected URLs with protected URLs (which contain _pda) accordingly.

    Let us know if it makes sense to you.

    You might also want to drop us an email at hello(at)preventdirectaccess.com so that our team can support you easier & faster, @rascalsailor.

    • This reply was modified 2 years, 4 months ago by WP Folio Team. Reason: Format
    Thread Starter rascalsailor

    (@rascalsailor)

    HI thanks for reply.
    Ok so I think the issue is I need the PDA gold version in order to be able to allow the logged in clients to download the protected files?
    My html form looks like this:

    <label for="DS_files">Report form:</label>
<form id="msform2" onsubmit="this.action = document.getElementById('report').value">
    <select id="report">
        <option value="https://sherver.co.za/funtronics/wp-content/uploads/_pda/lm_uploads/2022/11/ER02-Day-Skipper-Exam-Report-Form-v2.0.pdf">Report Form</option>

    </select>
    <input type="submit" value="Download" class="grey-btn">
</form>

    I can download the file only if I am logged is as admin.
    Is that correct?
    Russel

    • This reply was modified 2 years, 4 months ago by rascalsailor.
    • This reply was modified 2 years, 4 months ago by rascalsailor.
    Plugin Author WP Folio Team

    (@buildwps)

    Hi Russell,

    Yes, you’re right.

    To allow logged-in users to download protected files, you’ll need our PDA Gold version.

    Let us know if it makes sense to you.

    Thread Starter rascalsailor

    (@rascalsailor)

    Hi, thanks for that
    regards
    Russell

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Prevent DIrect Access – not protecting direct access’ is closed to new replies.