hmm it might be better to use contexts, that will prevent anonymous downloads right?
If your site is running on Apache you may want to consider a different approach: Instead of trying to hide the files, implement rewrite rules in your htaccess to direct download requests to a resource that runs an authorization snippet. If the user is logged in and has the appropriate permissions, the download is allowed; otherwise, the user gets redirected to a page with a message indicating that the download is not authorized.
The problem with simply hiding the files is that it doesn't take into account the fact that the path to any given file could be shared by an authorized user or otherwise made public.
I built a process for a research subscription site where each article had a downloadable PDF version. Those files were protected using the strategy above.
I can provide a little more guidance if needed should this idea interest you...
This is also an option:
https://docs.modx.com/extras/revo/filedownload-r.
It hides the path for you.
Oh wow thanks for the feedback smg6511v2 and BobRay, I had almost given up on this thread lol.
smg6511v2, that sounds like a very straightforward solution, very nice! Blocking at the htaccess level seems safer, too.
BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.
I do think ultimately what I will do is move the files out of the root and use a media source, that's supposed to hide the paths. Susan has written many useful threads about this, although a clear user guide is still lacking.
I would have to go through and change the links but that's trivial.
But I always like the easy way best! And I ^love cramming bits of code together and making things work!
[ed. note: nuan88 last edited this post 5 years, 10 months ago.]
BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.
Sorry, I don't know.
No worries, i didn't think it would work ha