Need help with setting up file security?
Permalink
The site I am building will have a members-only area with some file downloads so I don't want the file downloads to be indexed by search engines. I looked at the robots.txt file that gets installed with c5 and I see that the "files" directory is not listed. Will it cause problems for content being indexed if I add "files" to robots.txt since the cache is in there? With all the subdirectories that get created during uploads, I'm not sure the best way to protect content. Am I better off with .htaccess to prevent directory listing?
I assume I do not have to worry about the content that is only visible when you logon as a member? Thanks for any help you can give.
I assume I do not have to worry about the content that is only visible when you logon as a member? Thanks for any help you can give.
Thanks Remo. You are the most helpful person on the forums! Your answers are extremely appreciated!
I'll probably use the c5 file manager to set a password on any sensitive files as well as robots.txt and .htaccess.
Do you recommend also setting a password on the directory itself?
How would you block direct calls to files? I'm not sure what you mean by this.
Thanks again.
I'll probably use the c5 file manager to set a password on any sensitive files as well as robots.txt and .htaccess.
Do you recommend also setting a password on the directory itself?
How would you block direct calls to files? I'm not sure what you mean by this.
Thanks again.
you can use a .htaccess file to block direct calls to /files/* but as I said, this would cause a couple of problems because not all file downloads/views are redirected through index.php
Not sure if I missed something, but from what I've seen, it takes a bit to build a "completely secure file protection".
One more important thing: Don't allow directory browsing! Otherwise something could enterhttp://www.concrete5.org/files/ and would see all the sub directories..
Not sure if I missed something, but from what I've seen, it takes a bit to build a "completely secure file protection".
One more important thing: Don't allow directory browsing! Otherwise something could enterhttp://www.concrete5.org/files/ and would see all the sub directories..
Some files are included with a static url (/files/1234/1234/myGreatPic.jpg) and some through a php file (index.php/bla/myGreatPic.jpg).
You could block direct calls to files but it might cause some problems..
I'd use a second storage location for this..
Content in pages is easier to protect!