News:

Support for jDownloads 3 has been ended
Since 17 August 2023 Joomla.org has discontinued support for Joomla 3.x. Therefore, we will no longer offer official support for our Joomla 3 jDownloads version 3.9.x from January 2024.
Please update your website to the latest Joomla version (Joomla 4 or Joomla 5) as soon as possible. Afterwards, please update jDownloads to the latest published version. The longer you delay, the more difficult the upgrade process for your website is likely to be.

Main Menu
Support-Forum

Prevent direct access to Downloads

Started by eric, 28.06.2018 23:19:57

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

eric

Is there a common way to prevent users from bypassing the joomla/jdownloads permissions if they know the External File Link?

Thanks!
  •  

ColinM

#1
Hi
Yes there is.
Set 'Protect your Download-directory?' to yes.  This adds an .htaccess file in the jD root directory that prevents direct access as the jd Root directory must appear in a direct link.
This .htaccess file consists of the statements:
'Options -Indexes' - which prevents it being shown as a directory,
and 'deny from all' which stops any external access.
Note the restricions however for videos and also if you do not use 'Send Downloads over PHP Script'.

Another security item is 'Activate Hotlinking protection?'  This basically stops other web sites using your site to download a file, typically used for images and the like. This may cause your site a problem if you use absolute referencing (eg http://www.yoursite.com/myimages/image.png) instead od relative referencing (eg /myimages/image.png).

'Block when the Browser does not send a Referrer?' is also useful.
Colin

EDIT I have split into a new topic with a more relevant title  Colin
Colin M
  •