themexpert
Protect /digicom folder from direct access
The repository use /digicom folder and any visitor can download file directly. The folder must be protected from direct access via .htaccess.
Order allow,deny Deny from all
for your safety you need to change your file upload folder name. from your hosting or server configuration please protect directory listing if no index.html file found.
or you can create a blank index.html file.
as far i found these days joomla also dosent provide index.html file all over as its recommended to apply it from server label.
thanks
It's not enough to put index.html since let's imagine the situation: user purchased a product and the subscription have expired. After some period of time the user found old message with download link and get latest version of the extension via direct link despite of fact the subscription is expired. My idea is to deny direct download by link - let users log on site and download the item from downloads page. Sure, I can do this via .htaccess as I've described above. Just thought it can be useful to open such discussion, so including this file in the distributive pack is not necessary, but perhaps is worth to be mentioned in the documentation as alternative way to protect the folder.
Thank you.
Hi, how can user get direct link ever? digicom dosent sent direct link. it has the mechanism to provide a temporary url, so when someone will try to download anything
- he must be loged in,
- then he must have purchase that,
- third his subscription of the product need to be active
i agree for further security we may guide users to set that from admin or a documentation about how to do them.
thanks