Can anybody point me in the right direction? I want to hide a server directory (which has sensitive PDFs) from the general public aka. the Anonymous user. Is there anyway to do that? These sensitive PDFs keep popping up in Google results.
Things I've tried already:
Media Source - I have a feeling that this might be the answer, but I can only block certain users when they're logged into MODx. Obviously the anonymous user won't be logged in...helpful hints anyone?
cPanel/.htaccess - I tried adding a password to a server directory via cPanel (this creates an .htaccess and .htpass file). But I gave up because for some reason it would not work. PLUS I would prefer if our client didn't have to log-in into the server after already signing into MODx.
Google Webmaster Tools - I've already asked the client to manually remove the PDFs from the Google Index. However, this is proving to be too much work.
Robots.txt - I've added a robots.txt file blocking the directory but strangely enough the sensitive PDFs would still show up.
you can put them outside the web-root or into a directory with a .htaccess -file with 'Deny from all'
Then you can create static resources for each file, and make that resources private, by putting them into resource-groups.
you can put them outside the web-root or into a directory with a .htaccess -file with 'Deny from all'
Then you can create static resources for each file, and make that resources private, by putting them into resource-groups.
Hi Bruno,
I actually thought of this..but I was worried that the htaccess file would block any incoming traffic?? Even from a static resource??
MODX should have access to directories, protected by 'Deny from all'.
So static resources should work there.
So, I've done some testing and have been successful in placing files outside of the root directory and accessing them via a new Media Source!
For anyone who needs to know what I did:
Files on server - Place sensitive files outside of root directory.
Media Source - Create a new 'Media Source' with the 'basePath' of '../' and 'baseUrl' of '../' and leave the other values as default. See screenshot for clarification.
Static Resource - You can now create a 'Static Resource' and select sensitive files from outside of the root directory by selecting the new 'Media Source'!
Be aware that static resources don't recognize Media Sources. The file browser does, which is why you can select files from a Media Source. So while this appears to work, it's very loose. What will be saved as the file path will be everything from the Media Source's base path. If you need to be more specific in your Media Source path, such as '../downloads/', that path will be lost in the actual path stored for the static resource, which might be something like 'pdfs/thisfile.pdf'. With elements, the Media Source's base_path will automatically get prepended to the partial path stored by the static element (urls are irrelevant to this particular use-case, as they won't work outside of the web root).
The problem is that resources have no way of storing which Media Source they are using (elements have a "source" field to indicate which Media Source they're using, as well as a "static_file" field for storing the selected file's path). So the path you get when you select the file is all that the static resource will ever have.
There are two ways to work around this. One is to use an absolute (relative set to No) path, such as /home/domain/downloads/, for both the base_path and the base_url. This will result in the full path being what gets put into the static resource's content, minus the leading /. This has two disadvantages. The editor has to make sure the leading / is prepended to the path, and since the whole path is stored, changing the Media Source's path won't change the path of existing static resources.
The way I solved this was to ignore the Media Source base_url, and have a chunk with the same path as the Media Source's base_path. This chunk tag needs to be prepended to the path in the resource's content, which can be done automatically with a plugin. If the path of the Media Source is changed, you also need to edit the chunk.