Support

Admin Tools

#13327 Secure directory logged in only

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 20 August 2012 12:14 CDT

Monday, 20 August 2012 10:17 CDT

DaveOzric
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? All
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (2.5.6)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (latest)

Description of my issue:
General question. Is there a way to secure a directory/folder so only logged in users (frontend) can access the files within. In other words a non logged in can't type in the url of the file and download or view it. I think I remember some extensions i.e. docman claiming this.

Thank you

Monday, 20 August 2012 10:38 CDT

nicholas
No, you cannot do that. DOCman didn't say that it can do that, it was claiming something different: you can have downloads available only to certain users. All download managers (like PhocaDownload) can do that too. You cannot tell Apache (your web server) to limit access to an entire directory based on what the Joomla! user login status is.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 20 August 2012 11:13 CDT

DaveOzric
OK, thanks for that.

Now that I know that I guess it's a AT Pro .htaccess question. I used this to create one with the defaults in the .htaccess maker and it blocks the directory url form listing everything in it, throwing a 403 forbidden. This is perfect. However the exact url with file name opens the file. Is there a way to prevent that too?

Monday, 20 August 2012 11:45 CDT

nicholas
It is possible and it doesn't even require .htaccess Maker :) You can google "apache directory password protect" for password protection methods. If you want to completely disable access to a folder's contents (e.g. your backup output directory - hint hint) you can use this .htaccess inside the directory you want to protect: 
order deny, allow
deny from all
allow from none

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 20 August 2012 12:13 CDT

DaveOzric
Thank you very much

Monday, 20 August 2012 12:14 CDT

nicholas
You're welcome, Dave!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!