Hiding linked file URL for file in Resources


(David Lanigan) #1

MacOS 10.11.6, RW 7.5.5, Stacks 3.5.8

I have a PDF file (e.g. file.pdf) in Resources.

The file is linked to on several webpages.

When the link (that will open in a new window) is clicked, the new window’s URL is (for example) … mywebsite[dot]org/resources/file.pdf (trying to make this not a real URL).

By deleting the “file.pdf” in the URL, and re-submitting the webpage, a user would have access to ALL the files in the Resources folder.

Is there a way to hide the URL for the linked file? Or, is there another way to protect files in Resources?


(Doug Bennett) #2

If I understand your question, you don’t want an index listing of the directory?
If that is the case and you’re running Apache as your web server, add the following line to the .htaccess file:

Options -Indexes

That should give someone an error ( 404 forbidden) if the full filename is not specified, other than default index files (index.html, index.php, etc.). This will NOT protect files in resources, only hide the directory index listing. If someone wanted to try a brute force or dictionary attack, they could still get to the files.
You didn’t say who you are hosting company, but most good ones have a knowledge base covering .htaccess files, and how to set them up.
Example:


(David Lanigan) #3

Thank you for the reply.

You are correct. I don’t want someone to be able to access an Index listing of the Resources directory.

I’ll check out the .htaccess file option.


(Greg Schneck) #4

Just as info… and another option: you can also use tools that will mask the real path to the file…
See: LinklokURL (not specifically a RW tool but it works fine with any site… I use this extensively.)
And here is a stack: https://seydesign.com/stacks/filesafe/

Note that I don’t use “Resources” so these may not be what you want but you could just upload the files to your server instead of using the RW Resources.


(David Lanigan) #5

Thank you. I’ll check those out too.


(system) #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.