OleVik

I tried:

RewriteCond %{HTTP_REFERER} !^somedomain\.com
RewriteCond %{HTTP_HOST} ^somedomain\.com
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) https://somedomain.com/members-only/ [L,R=301]
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

But didn’t work. According to RewriteCond – when should I use [OR]? RewriteConds “default behaviour is ‘AND’ — All of the RewriteConds have to be true in order to trigger the rule.”

I might have been a bit quick to conclude… By this method, direct access is in fact disallowed, but how do I allow the uploads displayed on the server (IE. on a page only visible to me)?

Thanks, that worked excellently! It might not be entirely dynamic (adding to .htaccess manually versus adding it as a mod_rewrite_rules filter), but then again I am not in the need of the solution as a plugin.

Yes, directory-listing and hotlinking proved easy indeed. As I see it, the problem with placing files outside of their regular location within blogs.dig/#/files/ is that it would have to be done for all the sites. And this of itself is no less work than attempting to stop behavior on a specific site.

My original approach might actually prove easiest: Turn of directory listing for all domains, stop hotlinking for all domains, use a RewriteRule that overrides the default behavior of WP and instead returns a 404 error (or redirects) when attempting to access files on that specific domain.

So, like the original example, I need to figure out how to make a RewriteRule or RewriteCond that makes the server ignore the default:
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
and instead use:
RewriteRule ^([_0-9a-zA-Z-]+/)?(.+)somedomain.com/files/(.+)$ - [L]
If I am not mistaken, this would work so that any request to the server for a file at somedomain.com/files/ would be met with a 404, while any other domain would go to ms-files.php.

I’ll have a look at Download Monitor to see if I can’t find some valid mod_rewrite tips.

A fair answer, which does in fact explain most of the reasoning behind why it is a hard nut to crack. My thought is, however, as follows: If users that do not have specific privileges within WP cannot see the directory listing, cannot access file by direct URL and also cannot hotlink files; the files are indeed private to the extent they need to be.

The only way they would get re-distributed would be if someone gained FTP-access or the users that are able to see them within WP do so.

I looked at those plugins, as well as some other membership ones, but they all seem rather “heavy” to just disable public access to a folder (which is rather easy to accomplish with a single-site blog, but becomes a different beast when I only want to block one blog in a network).

I naturally assumed that someone had done this before, but I can find no viable references to doing it within multisite, nor have I been able to figure out why my current setup fails (the RewriteRule seems valid, but crashes somehow with the one directing to ms-files.php).

As I see it, I have to options:
A) Figure out how to make queries to somedomain.com not be handled by the ms-files.php rewrite.
B) Force user privileges checks within ms-files.php, which would add extra load on all sites in the network.

Any opinion on best route of action?