How can I protect warehoused resources in lockdown folders?

(Franz Rathmair) #1

I found out by chance that files (pdf) which I meant to be hidden securely by using the lockdown plugin seem to be open to the public simply by using google to search for certain keywords. I have warehoused these files so that the project files is not that big anymore, but have no password protection installed to my warehouse. Thus google is indexing all the files that I want to be hidden!

What are good options to protect these resources asap?

Can I put a password protection on my warehouse folder and still import these files into my lockdown plug-in?

How can I minimize the potential damage, i.e. stop the access to the files that have been indexed? Will changing the filenames do the trick?


(Jannis from inStacks Software) #2

Did you try a htaccess password authentication for it?

Which of course could mean double authentication for the files and the pages protected by lockdown…

(Mathew Mitchell) #3

Lockdown was always intended for very basic protection (i.e. not really a high level of protection).

Jannis’ recommendation may be much better for your purposes, but a product to consider (and that many using RW use) is Sitelok:

(Jannis from inStacks Software) #4

Isn’t Sitelok PHP based, and with this isn’t able to take care about PDF resource files already indexed by Google?

(Mathew Mitchell) #5

Yes, that is likely the case. But he could, presumably, delete the old resource files and create a new folder/destination that had not been indexed yet but now is more protected. May not be a viable option depending on the number of files involved.

(Franz Rathmair) #6

Thank you for your replies, Mathew and Jannis.

I first tried to have my folder locked through a server-side password protection. That disallowed access to the files that had already been indexed by Google, but it didn’t allow Lockdown to access my files. So I scratched that as a solution.

I the meantime I came up with the following: I changed the name of the folder on my warehouse files so that the indexed files aren’t accessible anymore via Google search. Then I had to change the names of many files manually in order to get the Lockdown linking to my files working again. And finally, I used RapidBot 2 in order to disallow indexing of the renamed warehousing folder.

I hope that is a lasting solution. What do you think?