URGENT: Forced download option not protecting download links

  • Resolved squilib

    (@squilib)


    3 years, 7 months ago

    Hi, I need a URGENT HELP.
    Since my host Siteground moved to NGINX Direct Delivery, the urls of my digital items are all visible and I hope my business is not already compromized.
    I set “Force downloads”
    The .htaccess file contains: deny from all
    According to the Woocommerce documentation, the NGINX requires extra code:
    https://docs.woocommerce.com/document/digital-downloadable-product-handling/#nginx-setting
    The page suggests two codes: one for X-Accel-Redirect/X-Sendfile and or “Force Downloads” and one for “Redirect Only” (the images are swapped in the post)
    Should I add the code under deny from all?
    May this code let the site crash with Cloudflare?
    Siteground says it’s out of their scope
    Thank you

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter squilib

    (@squilib)

    Edited: I added the extra code under deny all on the staging site.
    The files are still visible

    Thread Starter squilib

    (@squilib)

    I asked Siteground, they removed NGINX
    Now my customers and even I, the admin, are receiving a 403 forbidden error

    Siteground says
    The .htaccess file created under wp-content/uploads/woocommerce_uploads/ contains “Deny from all” rule, which means that access to that directory and its sub-directories will be restricted.

    This way my customers and myself can’t access the downloadable orders.
    The woocommerce_uploads directory has 755 permission

    Do you suggest to remove “deny from all”?

    Thread Starter squilib

    (@squilib)

    NGINX was not the problem.

    The problem was related to redirections between https://www.mysite.com and mysite.com

    Once mysite has been definitely set to mysite.com (thanks to a staging deployment !!), I’ve replaced all the files of my digital items and now they are visible to all my customers.

    No need to change “deny from all” in the woocommerce access file.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘URGENT: Forced download option not protecting download links’ is closed to new replies.

Tags