Secure Static Content with FEU

The place to talk about things that are related to CMS Made simple, but don't fit anywhere else.
Locked
montedavis
Forum Members
Forum Members
Posts: 47
Joined: Wed Jul 03, 2013 7:44 pm

Secure Static Content with FEU

Post by montedavis »

Is there a way to make static content, e.g. pdfs, secure using FEU?

I have used FEU and have it working properly so that users can login and reach password protected pages. When I add links to PDFs on the protected content pages and then go directly to the URL of the pdf, without logging in, I can reach the PDF, I'm assuming this is how things should work but what I want is to to be able use FEU to give users login credentials to access protected content but I also want the content (pdfs) to not be accessible via direct link in web browser, to prevent users that have been removed from the user list from using a bookmark to access content they should not have access to. I also want to prevent the pdf content from being indexed by search engines and wasn't sure if pdfs would be prevented from being indexed because they were not linked to from pages that were not protected content pages.

I was thinking I could use .htaccess and password protect a directory and then put a link to the pdf inside the password protected directory only on the protected content pages but then the user would have two enter two passwords. I was hoping there was a more elegant way to make the pdf content secure while giving access to the pdf content through the protected content pages and prevent search engine indexing. Is this possible?
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

Re: Secure Static Content with FEU

Post by calguy1000 »

You will need to prevent direct access to the protected files via .htaccess.

And you will need to use the FEU protected page content type.
Then you should try {cge_file_link} plugin to create obfuscated links or URL's to the protected files.

I haven't tried it so don't know if it works or not... but if the 'page' attribute specifies points to a protected page, then you should have protected links.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
User avatar
rotezecke
Power Poster
Power Poster
Posts: 372
Joined: Fri Apr 18, 2008 9:34 pm
Location: Nimbin, Australia

Re: Secure Static Content with FEU

Post by rotezecke »

I have my protected PDFs outside the web root, (dynamically) listed as something like this:

Code: Select all

'<li><a href="xxx_verify.php?file='.$file.'&dir='.$currrentDir.'" class="pdf">'.$file.'</a></li>'
and the xxx_verify.php fetches it after doing the login check. While this example is not a CMSMS solution, it easily could happen in a UDT on a protected page?

Code: Select all

		if (file_exists($file_path.$file)) {
			header('Content-Description: File Transfer');
			header('Content-Type: application/octet-stream');
			header('Content-Disposition: attachment; filename='.basename($file));
			header('Content-Transfer-Encoding: binary');
			header('Expires: 0');
			header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
			header('Pragma: public');
			header('Content-Length: ' . filesize($file_path.$file));
			ob_clean();
			flush();
			readfile($file_path.$file);
			exit;
		}
montedavis
Forum Members
Forum Members
Posts: 47
Joined: Wed Jul 03, 2013 7:44 pm

Re: Secure Static Content with FEU

Post by montedavis »

Thank you for your replies, I will give these examples a try.

calguy1000: Thank you for your reply on this post and my previous post: Post subject: detailpagetemplate for Products Module Not Workign I appreciate the time you put into the explanation and it does make sense to me now.
Locked

Return to “The Lounge”