The directory is protected, but not the file within this directory #670

Open
per4mance opened this issue Jun 14, 2020 · 1 comment


@per4mance

Hi,
For a better understanding of protecting attachments with your great plugin, I read your article https://github.com/boonebgorges/buddypress-docs/wiki/Attachment-Privacy#apache

My provider confirmed the directory and subdirectories are protected, e.g. https://bestekinder.org/wp-content/uploads/bp-attachments/287/

But if a user knows a file within this directory, it's visible or downloadable for everyone. How is it possible to prevent this please?
Example: https://bestekinder.org/wp-content/uploads/bp-attachments/287/this-is-a-test-document.docx

I appreciate any help for solving this.

Regards :-)

@boonebgorges
Owner

Hi @per4mance - The fact that you're able to access https://bestekinder.org/wp-content/uploads/bp-attachments/287/this-is-a-test-document.docx means one of three things:

  1. The .htaccess file is not being properly created in https://bestekinder.org/wp-content/uploads/bp-attachments/287/. Because I see a 403 error when I try to load that index, I'm guessing that the file is there.
  2. The .htaccess file is there, but has some sort of incorrect syntax in it that is causing the directory index to return a 403, but not the files within. I could only be certain of that if I saw the contents of the .htaccess file.
  3. Apache is configured in your environment in such a way that the changes in .htaccess are not allowed to take effect. This could be some version of AllowOverride configuration. Here too, the fact that I get a 403 at the directory but not on individual files is somewhat suspicious.

To begin narrowing things down, it would be helpful if you can verify that the file at wp-content/uploads/bp-attachments/287/.htaccess exists, and if so, share the contents of that file here.
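An added example, not from the plugin or from either commenter: a static check of an .htaccess file's text against the three cases listed above. It reports whether the file is missing, contains no directive that applies to file requests, or contains such directives, in which case an AllowOverride restriction is what remains to check. The directive list, the function name and both sample files are constructed for illustration.

```python
# Added example: static triage of an .htaccess file's text (not plugin code).

# Directives that can refuse or reroute a request for a file in the directory.
FILE_RULES = {"require", "deny", "allow", "order", "satisfy",
              "rewriterule", "redirect", "redirectmatch"}


def triage_htaccess(text):
    """Classify .htaccess text; pass None when the file does not exist."""
    if text is None:
        return {"verdict": "missing", "file_rules": [], "conditional": []}
    file_rules, conditional, stack = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):          # closing tag of a container
            if stack:
                stack.pop()
            continue
        if line.startswith("<"):           # opening tag, e.g. <IfModule ...>
            stack.append(line.strip("<>").split()[0].lower())
            continue
        name = line.split()[0].lower()
        if name in FILE_RULES:
            file_rules.append(name)
            # Inside <IfModule>, the rule is skipped when the module is absent.
            if "ifmodule" in stack:
                conditional.append(name)
    verdict = "has-file-rules" if file_rules else "no-file-rules"
    return {"verdict": verdict, "file_rules": file_rules, "conditional": conditional}


# Constructed samples, not taken from the site in this issue.
# Options -Indexes disables directory listings only; files stay reachable.
SAMPLE_INDEX_ONLY = "# constructed sample\nOptions -Indexes\n"
SAMPLE_GUARDED = """\
# constructed sample
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule (.+) /index.php?file=$1 [R,L]
</IfModule>
"""

if __name__ == "__main__":
    for label, text in [("absent", None), ("index-only", SAMPLE_INDEX_ONLY),
                        ("guarded", SAMPLE_GUARDED)]:
        print(label, triage_htaccess(text))
```

A "has-file-rules" verdict on a directory whose files are still served points away from the file's contents and toward the server ignoring it; entries under "conditional" take effect only if the named module is loaded.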
