genjitech

never mind as i have found the problem. i use wpmu domain mapping and after updating fileaway i can no long choose my mapped domain as base url. even if manual set it in db options always reset back to base network site domain
site1.genjitech.com mapped as genjitech.com
genjitech.com is not available as base url only site1.genjitech.com which breaks the wp cookie..

do i need to open a new thread for mapped domain not available to choose as base?

ok to reproduct the problem
add .htaccess file to directory you wish to secure add
# These next two lines will already exist in your .htaccess file
RewriteEngine On
RewriteBase /
# Add these lines right after the preceding two
RewriteCond %{REQUEST_FILENAME} ^.*(doc|docx)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . – [R=403,L]
visit page and click link
Apache error| your are not allow by server configuration
now load copy the link and past it directly in address bar and file downloads like magic

.htaccess
tried in the /public_html/secure-content
tried /public_html {modifying the main wordpress .htaccess}
both yields same results

enable encrypted links is fine and plan on enabling this, but this doesnt fix the fact that with out .htaccess on the directory there is nothing in place to keep someone from just hotlinking the file as its open to the public..
even with encrypted links its not that hard to view source and get the complete path

root directory: wp install directory
base directory 1: /public_html/secure-content/
base url: genjitech.com (HTTPS)
———-
Statistics are disabled
—————-
[Shortcode]
[fileaway type=”table” showto=”administrator,insurance_company,safety_director” search=”yes” searchlabel=”Filter Data Below” mod=”no” redirect=”true” recursive=”on” only=”Accident-Safety” theme=”silver-bullet” heading=”Accident-Reports” hcolor=”blue” color=”blue” iconcolor=”blue”]

without adding .htaccess to directory the only security files have is to make sure “Options +Indexes” is turned off, but if direct path is known file is basically public available

Im using fileaway to list a directory with secured documents. As i do not want anyone to have direct access to files in this directory without being logged in. I wanted some extra security to disallow anyone who doesnt have nor is logged in wordpress to be able to get files..
Adding .htaccess to directory
# These next two lines will already exist in your .htaccess file
RewriteEngine On
RewriteBase /
# Add these lines right after the preceding two
RewriteCond %{REQUEST_FILENAME} ^.*(doc|docx)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . – [R=403,L]
works except with fileaway plugin..
If direct link to file without being logged in wordpress download is denyed
If direct link to file after loggin in wordpress file downloads as expected..
BUT if try to download file with link generated with fileaway .htaccess is ignored and is always denyed access to download file