boonebgorges / buddypress-docs

GNU General Public License v3.0

The directory is protected, but not the file within this directory #670

Open per4mance opened 4 years ago

per4mance commented 4 years ago

Hi, for a better understanding of protecting attachments with your great plugin, I read your article: https://github.com/boonebgorges/buddypress-docs/wiki/Attachment-Privacy#apache

My provider confirmed the directory and subdirectories are protected, e.g. https://bestekinder.org/wp-content/uploads/bp-attachments/287/

But if a user knows a file within this directory, it's visible or downloadable for everyone. How is it possible to prevent this please? Example: https://bestekinder.org/wp-content/uploads/bp-attachments/287/this-is-a-test-document.docx

I appreciate any help for solving this.

Regards :-)

boonebgorges commented 4 years ago

Hi @per4mance - The fact that you're able to access https://bestekinder.org/wp-content/uploads/bp-attachments/287/this-is-a-test-document.docx means one of three things:

  1. The .htaccess file is not being properly created in https://bestekinder.org/wp-content/uploads/bp-attachments/287/. Because I see a 403 error when I try to load that index, I'm guessing that the file is there.
  2. The .htaccess file is there, but has some sort of incorrect syntax in it that is causing the directory index to return a 403, but not the files within. I could only be certain of that if I saw the contents of the .htaccess file.
  3. Apache is configured in your environment in such a way that the changes in .htaccess are not allowed to take effect. This could be some version of AllowOverride configuration. Here too, the fact that I get a 403 at the directory but not on individual files is somewhat suspicious.

To begin narrowing things down, it would be helpful if you can verify that the file at wp-content/uploads/bp-attachments/287/.htaccess exists, and if so, share the contents of that file here.
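For the third possibility above (an `AllowOverride` setting that stops `.htaccess` from taking effect), the following is an added example, not part of the thread or of the plugin's code. It works out which `AllowOverride` value applies to the attachment directory from a copy of the server configuration; the `/var/www/html` docroot and the sample configuration are constructed assumptions, and only plain `<Directory "path">` sections are modelled (no wildcards, regex sections or `DirectoryMatch`).

```python
import re
from pathlib import PurePosixPath

# Constructed sample Apache config; the /var/www/html docroot is an assumption.
# "Options -Indexes" alone yields a 403 on the directory listing while files
# inside it are still served, and "AllowOverride None" makes .htaccess inert.
SAMPLE_CONF = """
<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options -Indexes
    AllowOverride None
</Directory>
"""
ATTACH_DIR = "/var/www/html/wp-content/uploads/bp-attachments/287"

OPEN_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>$', re.I)
OVERRIDE_RE = re.compile(r'AllowOverride\s+(.+)$', re.I)


def effective_allowoverride(conf_text, target_dir):
    """Return the AllowOverride value that applies to target_dir.

    Sections are merged from shortest path to longest, so the most specific
    enclosing <Directory> that sets the directive wins (later one on a tie).
    """
    target = PurePosixPath(target_dir)
    current, found = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            current = PurePosixPath(opened.group(1))
        elif line.lower().startswith("</directory"):
            current = None
        elif current is not None and (current == target or current in target.parents):
            directive = OVERRIDE_RE.match(line)
            if directive:
                found.append((len(current.parts), directive.group(1).strip()))
    if not found:
        return "None"  # Apache's default since 2.3.9
    return sorted(found, key=lambda item: item[0])[-1][1]


def htaccess_is_read(conf_text, target_dir):
    """False means Apache ignores any .htaccess in target_dir entirely."""
    return effective_allowoverride(conf_text, target_dir).lower() != "none"
```

A value other than `None` or `All` (for example `Indexes` only) means `.htaccess` is read but may still reject the directive types the file relies on, so the file's contents have to be checked against that list.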