<![CDATA[ Access Permissions - Hide PDF files on server from anonymous? - My Forums]]> https://forums.modx.com/thread/?thread=94281 <![CDATA[Access Permissions - Hide PDF files on server from anonymous?]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511024
Can anybody point me in the right direction? I want to hide a server directory (which has sensitive PDFs) from the general public aka. the Anonymous user. Is there anyway to do that? These sensitive PDFs keep popping up in Google results.

Things I've tried already:

  1. Media Source - I have a feeling that this might be the answer, but I can only block certain users when they're logged into MODx. Obviously the anonymous user won't be logged in...helpful hints anyone?
  2. cPanel/.htaccess - I tried adding a password to a server directory via cPanel (this creates an .htaccess and .htpass file). But I gave up because for some reason it would not work. PLUS I would prefer if our client didn't have to log-in into the server after already signing into MODx.
  3. Google Webmaster Tools - I've already asked the client to manually remove the PDFs from the Google Index. However, this is proving to be too much work.
  4. Robots.txt - I've added a robots.txt file blocking the directory but strangely enough the sensitive PDFs would still show up.

Any ideas?

Ta,
Sar]]> insightdesign Sep 23, 2014, 01:12 AM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511024 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous?]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511190
The problem is that resources have no way of storing which Media Source they are using (elements have a "source" field to indicate which Media Source they're using, as well as a "static_file" field for storing the selected file's path). So the path you get when you select the file is all that the static resource will ever have.

There are two ways to work around this. One is to use an absolute (relative set to No) path, such as /home/domain/downloads/, for both the base_path and the base_url. This will result in the full path being what gets put into the static resource's content, minus the leading /. This has two disadvantages. The editor has to make sure the leading / is prepended to the path, and since the whole path is stored, changing the Media Source's path won't change the path of existing static resources.

The way I solved this was to ignore the Media Source base_url, and have a chunk with the same path as the Media Source's base_path. This chunk tag needs to be prepended to the path in the resource's content, which can be done automatically with a plugin. If the path of the Media Source is changed, you also need to edit the chunk.]]> sottwell Sep 24, 2014, 11:32 PM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511190 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous?]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511102 ]]> mrhaw Sep 24, 2014, 01:33 AM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511102 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous? (Best Answer)]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511090 Quote from: Bruno17 at Sep 23, 2014, 09:48 AM
MODX should have access to directories, protected by 'Deny from all'.
So static resources should work there.

So, I've done some testing and have been successful in placing files outside of the root directory and accessing them via a new Media Source!

For anyone who needs to know what I did:

  1. Files on server - Place sensitive files outside of root directory.
  2. Media Source - Create a new 'Media Source' with the 'basePath' of '../' and 'baseUrl' of '../' and leave the other values as default. See screenshot for clarification.
  3. Static Resource - You can now create a 'Static Resource' and select sensitive files from outside of the root directory by selecting the new 'Media Source'!


Thanks for your help guys!
Sar]]> insightdesign Sep 23, 2014, 08:35 PM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511090 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous?]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511033 So static resources should work there.]]> Bruno17 Sep 23, 2014, 04:48 AM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511033 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous?]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511029 Quote from: Bruno17 at Sep 23, 2014, 08:32 AM
you can put them outside the web-root or into a directory with a .htaccess -file with 'Deny from all'
Then you can create static resources for each file, and make that resources private, by putting them into resource-groups.

Hi Bruno,

I actually thought of this..but I was worried that the htaccess file would block any incoming traffic?? Even from a static resource??

But I'll give it a try smiley

Sar]]> insightdesign Sep 23, 2014, 03:42 AM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511029 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous? (Best Answer)]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511028 Then you can create static resources for each file, and make that resources private, by putting them into resource-groups.]]> Bruno17 Sep 23, 2014, 03:32 AM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511028 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous?]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511026 Quote from: mrhaw at Sep 23, 2014, 06:47 AM

4) There are ways of storing files in the database. I use data:image/png;base64,... for images and would go that route + use a separate
database.

Hi!

Thanks for your advice! But is there no other way to use MODx's native security to block the server files from Google search results?

Sar]]> insightdesign Sep 23, 2014, 02:04 AM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511026 <![CDATA[Re: Access Permissions - Hide PDF files on server from anonymous?]]> https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511025
2) This you need to learn and not give up on... tongue
https://www.google.com/search?q=.htpasswd+tutorial
https://www.google.com/search?q=.htaccess+hotlinking+prevention

3) If you look into various file download snippets they provide some security options (salted, temporary links etc)
https://www.google.com/search?q=modx+revolution+file+download

4) There are ways of storing files in the database. I use data:image/png;base64,... for images and would go that route + use a separate
database.]]> mrhaw Sep 23, 2014, 01:47 AM https://forums.modx.com/thread/94281/access-permissions---hide-pdf-files-on-server-from-anonymous#dis-post-511025