Does not seem to protect direct access

Created on 18 December 2022, about 2 years ago
Updated 24 March 2023, over 1 year ago

Problem/Motivation

Need to protect files in private folder

Steps to reproduce

I have Private local files served by Drupal selected.
I have a private folder in settings.php: /sites/default/files/private_files and a subdirectory Board, which I entered as the directory in this module. It is protected by Role access for Board, Admin, Manager.
Yet anyone on the internet with the URL of a file in this folder can access it.
What am I doing wrong?

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

💬 Support request
Status

Closed: works as designed

Version

3.0

Component

User interface

Created by

🇺🇸United States tjtj


Comments & Activities


  • 🇮🇹Italy zanonmark

    Hi,

    As far as I can tell, the "private" directory you chose is actually public because it's a subdirectory of webroot.

    Try moving private_files outside webroot (generally this means: outside /var/www if under Linux, or outside C:\Apache24 if under Windows).

    Alternatively you could place a .htaccess file in private_files denying public access, but I prefer the first method.

    Best regards,
    MZ

  • Assigned to zanonmark
  • Status changed to Closed: works as designed over 1 year ago
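
The check the reply above describes, as an added example that is not part of the original thread or of the module's code: it classifies a private files directory as outside the webroot, inside it with an `.htaccess` deny rule, or inside it and exposed. The names `audit_private_path`, `is_under` and the status labels are hypothetical, the directory tree in `demo()` is constructed, and the document root is assumed to also be the Drupal root.

```python
import os
import re
import tempfile

# Apache directives that refuse direct requests (2.4 and 2.2 syntax).
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)

def is_under(root, path):
    try:
        return os.path.commonpath([root, path]) == root
    except ValueError:  # e.g. different drives on Windows
        return False

def audit_private_path(webroot, private_path):
    """Classify a private files directory against the document root.

    A relative private_path is resolved against webroot (assumption: it is also
    the Drupal root). The path is tested as written and with symlinks resolved.
    """
    lexical = os.path.abspath(os.path.join(webroot, private_path))
    resolved = os.path.realpath(lexical)
    if not (is_under(os.path.abspath(webroot), lexical)
            or is_under(os.path.realpath(webroot), resolved)):
        return "outside-webroot"
    # Only this directory's own .htaccess is read; it has no effect unless the
    # server is Apache with AllowOverride enabled here.
    try:
        with open(os.path.join(resolved, ".htaccess"), errors="replace") as fh:
            if DENY_RE.search(fh.read()):
                return "inside-webroot-htaccess-deny"
    except OSError:
        pass
    return "inside-webroot-exposed"

def demo():
    """Audit a constructed directory tree (sample layout, not a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = os.path.join(tmp, "var", "www", "html")
        rel = "sites/default/files/private_files"
        os.makedirs(os.path.join(webroot, rel, "Board"))
        os.makedirs(os.path.join(tmp, "var", "private_files"))
        results = [audit_private_path(webroot, rel)]        # no .htaccess yet
        with open(os.path.join(webroot, rel, ".htaccess"), "w") as fh:
            fh.write("Require all denied\n")
        results.append(audit_private_path(webroot, rel))    # deny file present
        results.append(audit_private_path(webroot, "../../private_files"))
        return results

if __name__ == "__main__":
    print(demo())
```

A result of `inside-webroot-htaccess-deny` only shows that the rule exists on disk; requesting a file URL while logged out confirms whether the server actually enforces it.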