First, thank you for writing this WordPress plugin. It's very helpful for those of us running multiple Varnish servers.
That said, your setup for the statistics is a bit of a security issue because the JSON files are viewable by anyone who guesses the URL(s). I tried blocking access to the JSON files in Apache, but that also blocks the WordPress plugin from reading the statistics.
Any suggestions for locking this area down? Perhaps call the JSON files directly via the filesystem instead of a relative web path? At least that way people could store the JSON files in non-public directory.
First, thank you for writing this WordPress plugin. It's very helpful for those of us running multiple Varnish servers.
That said, your setup for the statistics is a bit of a security issue because the JSON files are viewable by anyone who guesses the URL(s). I tried blocking access to the JSON files in Apache, but that also blocks the WordPress plugin from reading the statistics.
Any suggestions for locking this area down? Perhaps call the JSON files directly via the filesystem instead of a relative web path? At least that way people could store the JSON files in non-public directory.