-
- 1,154 Posts
hmm it might be better to use contexts, that will prevent anonymous downloads right?
-
- 80 Posts
If your site is running on Apache you may want to consider a different approach: Instead of trying to hide the files, implement rewrite rules in your htaccess to direct download requests to a resource that runs an authorization snippet. If the user is logged in and has the appropriate permissions, the download is allowed; otherwise, the user gets redirected to a page with a message indicating that the download is not authorized.
The problem with simply hiding the files is that it doesn't take into account the fact that the path to any given file could be shared by an authorized user or otherwise made public.
I built a process for a research subscription site where each article had a downloadable PDF version. Those files were protected using the strategy above.
I can provide a little more guidance if needed should this idea interest you...
-
- 24,544 Posts
This is also an option:
https://docs.modx.com/extras/revo/filedownload-r.
It hides the path for you.
-
- 1,154 Posts
Oh wow thanks for the feedback smg6511v2 and BobRay, I had almost given up on this thread lol.
smg6511v2, that sounds like a very straightforward solution, very nice! Blocking at the htaccess level seems safer, too.
BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.
I do think ultimately what I will do is move the files out of the root and use a media source, that's supposed to hide the paths. Susan has written many useful threads about this, although a clear user guide is still lacking.
I would have to go through and change the links but that's trivial.
But I always like the easy way best! And I ^love cramming bits of code together and making things work!
[ed. note: nuan88 last edited this post 5 years, 1 month ago.]
-
- 24,544 Posts
BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.
Sorry, I don't know.
-
- 1,154 Posts
No worries, i didn't think it would work ha