Problem with Direct Access to PDF Files, etc

Whenever you like.
I usually keep these “protected” files “near” the webroot.

For example, if your webroot (that is, where Concrete is installed) is at

/var/www/my-site

I create a directoly like

/var/www/my-site-protected-files

Since your “protected” files are the directory where Concrete is published, those may also be served by your web server (apache or nginx or whatever), without passing through Concrete.
Hackers may try to guess your protected file URLs, trying for example accessing

https://your-site.com/confidential-files/<n>/<n>/<n>/yourfile.pdf

(where <n> are random numbers).

That’s why it’s better to place protected files outsite the webroot.

Thank you so much for your repeated guidance.

I have changed the file location as you instructed.

Are the folder permissions okay in this new location?

Finally, thank you again.

file1050×590 17.6 KB

Is this a linux server? If so, the owner of the folder should be the one impersonated by the web server (nginx or apache)

I apologize for the repeated messages.

The OS is Linux-based (the official OS name isn’t explicitly stated, but it runs on a Linux-like system).

Users can use Linux commands via SSH.

However, there is no root privileges; it’s a restricted Linux environment for shared use.

By the way, is it possible to use the created folder for multiple subdomains?

Or would it be better to create one folder for each subdomain?

Thank you in advance.

If you can upload files from Concrete without errors, that means that the permissions are ok.

A physical directory in the file system:

• can’t be assigned to more than one Storage Location
• can’t be used by more that one ConcreteCMS installation

So, if you use the “multisite” feature of ConcreteCMS (that is, one Concrete for multiple websites) you can use the physical for all the sites managed by ConcreteCMS.

If instead you have multiple ConcreteCMS installations, you should have one physical directory for every ConcreteCMS.