razvanstanga / varnish-caching-wordpress-plugin

Varnish Cache Wordpress implementation

Securing Varnish stats #3

Closed ahmed-sigmalux closed 7 years ago

ahmed-sigmalux commented 7 years ago

First, thank you for writing this WordPress plugin. It's very helpful for those of us running multiple Varnish servers.

That said, your setup for the statistics is a bit of a security issue because the JSON files are viewable by anyone who guesses the URL(s). I tried blocking access to the JSON files in Apache, but that also blocks the WordPress plugin from reading the statistics.

Any suggestions for locking this area down? Perhaps call the JSON files directly via the filesystem instead of a relative web path? At least that way people could store the JSON files in a non-public directory.

razvanstanga commented 7 years ago

Name the JSON file with a random string like f605df1c86b37a6447d9818c18d99f32.json and no one will guess it.
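The filesystem approach the issue asks about, written out as an added example in PHP (it is not code from this plugin and is not the maintainer's suggestion above): the stats file is written to a directory under `wp-content/uploads` that is additionally denied to the web server, it is read back with a filesystem call rather than fetched over HTTP, and the only way to get it into the admin page is an `admin-ajax.php` action that checks a nonce and a capability. All names here (`vcwp_example_*`, the `varnish-stats-private` directory, the `server` query parameter) are assumptions for illustration; the `.htaccess` line uses Apache 2.4 syntax and only takes effect where `AllowOverride` permits it.

```php
<?php
/**
 * Added example, not the plugin's own code: keep the Varnish stats JSON
 * out of any URL-addressable path and hand it to the admin UI through an
 * authenticated admin-ajax endpoint instead of a guessable web path.
 *
 * Assumed names: the directory, the ajax action, the file name scheme and
 * every vcwp_example_* function are illustrative.
 */

// Directory for the stats file. Assumed: wp-content/uploads is writable.
// The subdirectory is also denied to the web server via .htaccess, so the
// file is reachable only through PHP's own filesystem calls.
function vcwp_example_stats_dir() {
    $upload = wp_upload_dir();
    $dir    = trailingslashit( $upload['basedir'] ) . 'varnish-stats-private';
    if ( ! is_dir( $dir ) ) {
        wp_mkdir_p( $dir );
        // Apache 2.4 syntax; needs AllowOverride to permit it (assumption).
        file_put_contents( $dir . '/.htaccess', "Require all denied\n" );
        // Stops directory listings on servers that ignore the .htaccess.
        file_put_contents( $dir . '/index.php', "<?php // silence is golden\n" );
    }
    return $dir;
}

// Whatever collects the stats (varnishstat output, in the plugin's case)
// writes them here rather than into the web root. $server_id is the
// caller's label for one of the Varnish hosts (assumed).
function vcwp_example_write_stats( $server_id, array $stats ) {
    $name = sanitize_key( $server_id ); // [a-z0-9_-] only: no path traversal via the id
    if ( '' === $name ) {
        return false;
    }
    $path = vcwp_example_stats_dir() . '/' . $name . '.json';
    return false !== file_put_contents( $path, wp_json_encode( $stats ), LOCK_EX );
}

// Read back with a filesystem call; the web server never serves this file.
function vcwp_example_read_stats( $server_id ) {
    $name = sanitize_key( $server_id );
    $path = vcwp_example_stats_dir() . '/' . $name . '.json';
    if ( '' === $name || ! is_readable( $path ) ) {
        return null;
    }
    $data = json_decode( file_get_contents( $path ), true );
    return is_array( $data ) ? $data : null;
}

// Admin-only endpoint. Logged-out requests never reach this handler
// (wp_ajax_ without the nopriv_ variant), and it still checks a nonce and
// a capability before returning anything.
add_action( 'wp_ajax_vcwp_example_stats', function () {
    check_ajax_referer( 'vcwp_example_stats', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $server_id = isset( $_GET['server'] ) ? wp_unslash( $_GET['server'] ) : '';
    $stats     = vcwp_example_read_stats( $server_id );
    if ( null === $stats ) {
        wp_send_json_error( 'no stats', 404 );
    }
    wp_send_json_success( $stats );
} );

// The admin page would request (nonce from wp_create_nonce( 'vcwp_example_stats' )):
//   admin-ajax.php?action=vcwp_example_stats&server=web1&nonce=<nonce>
```

The reason to prefer this over an unguessable file name is that a secret in a URL is a bearer capability: it is copied into access logs, proxy logs, browser history and `Referer` headers, and anyone who sees it once can read the stats thereafter. With the file outside the served tree and the read gated on a logged-in user with `manage_options`, nothing about the name needs to stay secret, and the Apache rule the reporter tried no longer breaks the plugin, because the plugin never goes through Apache to read its own file.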