Prevent Users from Directly Downloading Unauthorized Updates
Posted by Mark [Elevated X Support], Last modified by AJ Hall on 01 November 2017 03:29 PM
For both trial members and full members, Elevated X relies on a folder called "content" that houses your system's content (on a trial area, this is a symlink to your members area).
While both trial and full members areas are often protected with a username/password, this still does not prevent a user from accessing files they are not supposed to access.
Examples of this may be:
This is where servefile.php comes into play.
Within the default install of the CMS in /members/ is a file called servefile.php.
What this file does is serve the file via PHP. It checks against the content directory to make sure that the user is authorized to view the content.
In order to set this up, the you will have to create a mod_rewrite rule for every file type you wish to protect with this format:
The following example will go within the .htaccess file of your trial or members folder.
This functionality may not work with your authentication mechanism. Please check with your authentication script provider to see if use of mod_rewrite is compatible with their authentication script implementation.