Public root path

  • Resolved ricks03

    (@ricks03)


    5 years, 2 months ago

    Using WP File Manager Pro 5.5 on WordPress 5.3.2

    My base assumption here is that if I have files stored in WP File Manager Pro that are in the path of the website, they’re accessible to anyone that knows the file name. So I don’t want them under public_html.

    So I have changed the Public Root Path (/admin.php?page=wp_file_manager_root) to be /home/ricks03/wpfm instead of the default of “/home/ricks03/public_html/”

    That works from a WPFM file access perspective. WPFM lets me browse the files in the folders, with me able to control access by role.

    Now I’d like to be able to create a URL to one of those files. If I select document.pdf in WPFM and select the Share option, I get a link of : https://mydomain.org/document.pdf

    That link doesn’t work (unsurprisingly). What would be the correct URL to access the file?

    I’m trying to replicate functionality I had under Drupal with the webfm module. Under webfm, the url for that file would be https://mydomain.org/webfm/document.pdf. Webfm would then control access to that file based on the configuration. That way the files on the file manager were:in the file manager; not accessible if you had no user ID but knew the URL, from a https: URL

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author mndpsingh287

    (@mndpsingh287)

    Hey @ricks03,

    You can restrict direct access of URL with htaccess, please follow the given link.

    https://stackoverflow.com/questions/19118482/deny-access-to-one-specific-folder-in-htaccess/19118529

    Regards,
    Mandeep

    Thread Starter ricks03

    (@ricks03)

    I don’t believe that will resolve my issue?

    But let me walk through the scenario.

    My files are in /home/ricks03/public_html/wpfm
    I use .htaccess to restrict access to https://mysite.com/wpfm

    Now I can use the WPFM plugin to browse the files, yet https://mysite.com/wpfm/document.pdf won’t work at all.

    That makes the functionality identical between having the files in /home/ricks03/wpfm and /home/ricks03/public_html/wpfm (with the root folder set appropriately) – you can view the file in WPFM (and only WPFM) but can’t access the file at all at https://mysite.com/wpfm/document.pdf

    But that’s not quite what I want. I want to be able to have a user click on https://mysite.com/wpfm/document.pdf and have the file open, IF they’re a member of the appropriate role, and not have access if they do not have the appropriate role. Using .htaccess doesn’t limit access by role.

    If I place the files in /home/ricks03/public_html/wpfm and then limit access to the folder via .htaccess, is there a way then to create a URL that will work if (and only if) the user is a member of the appropriate role?

    In webfm (drupal), you move the files out of the web root (so you can’t get there via a URL) and then webfm manages all the access to files via either the console, OR via direct URL.

    I agree with ricks03.

    The opening of a file should be processed via Filemanger and not via a direct link to the file (… like download in the context menu?). So the root directory could be kept outside of the webserver public directory.

    In the current version, anyone who knows the link, whether logged in or not, can access the file.

    Regards, Claudio

    Plugin Author mndpsingh287

    (@mndpsingh287)

    Hey @sncs,

    you can put a .htaccess file in that folder that contains just:

    deny from all

    That way you cannot open any file from that folder, but you can include them in PHP without any problems.

    Please refer, https://stackoverflow.com/questions/9282124/deny-direct-access-to-a-folder-and-file-by-htaccess

    Regards,
    Mandeep

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Public root path’ is closed to new replies.