General site security question

[EoinDubh]

One of the websites that I manage is running CMSMS 1.10.3. It is a car club site and while most of the site is open to the public, there are a couple of sections that are supposed to be for members only. I have a login page that allows access to the members only page.

However, I have found that a web search for content on the members only pages will bring up the content even if you are not logged in.

Does anyone have any ideas on how to protect these pages? In particular, the club newsletter page is protected but there is a sample newsletter that is available to the public. These are all in their own directory and I guess a .htaccess file would block most access but I am not sure how to set this up to allow the public to view only 1 file and members to view all files.

Thanks

[Dr.CSS]

If you are using FEU then you can use the Content type: protected and if they aren't logged in they can see those pages, not even google should be able to find them...

[Wishbone]

How are you restricting your pages?

[EoinDubh]

I am using Protected Content on the pages that I want to restrict access to. If I try to access protected content directly by creating a url to the directory, I get a 404 error. However if I use a full link to a file i.e. "http://my.site/files/file.txt then it comes up.

This question came about because someone contacted the newsletter editor about an article on the website in the members only section to get more info and included the link to the file in his email. I guess a member must have sent him the link as I can't get to it by browsing if I am not logged in. And the directory in question is at the level above the CMSMS install so it is not easy to find.

Thanks for the suggestions.

[kmesd62]

The .txt file resides on the server and has its permissions controlled differently to cms pages... (or in this case not at all).

I have successfully used the Download Manager module (which works with feu) to control access to files.