21529 pointsCommunity rank #0Supreme DeityWPMU DEV StaffLifetime member
Support Kangaroo
(joined March 2011)
Likes (0)
Greetings donty,
With the htaccess file read only then it is certain the changes between Membership activated and not activated to include permalink modifications will not take place.
By any chance did you upload the media while Membership was activated?
43 pointsCommunity rank #1401VeteranJust Getting Started
Member
(joined March 2012)
Likes (0)
Membership was activated and the sample content created within the membership system. Leaving .htaccess with web service write perms is not ideal but usually WP provides you with the .htaccess content it wants to write to the file for you to do so manually.
Can you let me know what lines it adds or changes when membership system is activated?
21529 pointsCommunity rank #0Supreme DeityWPMU DEV StaffLifetime member
Support Kangaroo
(joined March 2011)
Likes (0)
Greetings Donty,
Membership was activated and the sample content created within the membership system. Leaving .htaccess with web service write perms is not ideal but usually WP provides you with the .htaccess content it wants to write to the file for you to do so manually.
Agreed.
Can you let me know what lines it adds or changes when membership system is activated?
I cannot but I was going on the premise of better being safe then sorry having possible issues arise because of this, and I find that it is much smarter to protect the htaccess file:
<Files .htaccess>
order allow,deny
deny from all
</Files>
When placed in your site’s root .htaccess file, that code will prevent anything from accessing your .htaccess files in the root directory and all subdirectories.
Note that Apache now protects .htaccess files by default, so in most cases there is no need to add this code. It depends on your server setup and general level of paranoia.
The same as the wp-config.php file:
<files wp-config.php>
order allow,deny
deny from all
</files>
I only brought this subject up because you said:
Permalinks have been toggled from and to Post Name but to no effect. The .htaccess is read only but matches the suggested content in permalinks.
Now with the htaccess file read only, how could toggling the permalinks have any effect?
The original issue is that visitors can see the unmasked URL for images?
43 pointsCommunity rank #1401VeteranJust Getting Started
Member
(joined March 2012)
Likes (0)
Apart from .htaccess I thought permalink setting was also stored in the DB? Often after updates we've seen Permalinks break and need resetting (ie switch then revert) even if the htaccess file is not writeable.
We normally protect the wp-config.php file that way too, don't want them accessing the DB user/password settings or more ;-)
The issue we are suffering from is that media that is marked as public view is in fact not visible when the published media is auto rewritten as /download directory but is directly visible using the /wp-content/files route.
It means we cant get control of images in that we can't publish them to public even when they are public which is why I wondered about the .htaccess requirements as it suggested permalinks were a possible problem.
However if essentially the only protection of such content is simply obscurity using a simple directory rewrite then it probably isn't worth doing to any great extent.
Problem still stands that we can't display images even if we don't use the media to public visitors. To see what I mean check the two links above, they should point to the same image.
21529 pointsCommunity rank #0Supreme DeityWPMU DEV StaffLifetime member
Support Kangaroo
(joined March 2011)
Likes (0)
Greetings Donty,
Thank you for your additional input, it is genuinely appreciated.
After further research I believe the problem has nothing to do with the htaccess file nor permalinks, but rather any number of other possibilities.
So I am going to go through a couple of things to check so that if we cannot get this figured out we have covered as many bases as we could before calling in the lead developer to point out something that we missed or did not think of.
The first thing to do is check that your visitor level is also your stranger level?
Next go to Membership > Options > Downloads / Media Protection (this one: wp-admin/admin.php?page=membershipoptions&tab=downloads )
Lets make sure the "Masked download URL" for downloads to includes the trailing slash i.e. downloads/ (i.e. add the trailing slash)
When uploading the images using the image uploader, make sure you are choosing the protected content group as "None".
Please check these items mentioned above and if we still do not have positive results I will see if I can get the lead developer in here to see if he can advise us to what the issue may be.
Above I have covered every thing I could think of that could possibly cause this issue and some in the previous post.
43 pointsCommunity rank #1401VeteranJust Getting Started
Member
(joined March 2012)
Likes (0)
Hi Again
Unfortunately that seems to not make a difference.
So to recap the issue:
- Media group setup called Public Media
- in Access Levels, Visitor user is given access to Public Media group
- Stranger is set to Visitor
- Trailing slash is in place
- Uploads are not done with a group definition, ie not set to anything.
- Pages with this media attached are seen by Visitor but not the media itself, ie pictures do not show when the page uses /download/ url rewrite.
-The images are visible if Visitor directly connects with the underlying /uploads/ directory.
Look forward to some more feedback on this, don't think I have missed a step?
21529 pointsCommunity rank #0Supreme DeityWPMU DEV StaffLifetime member
Support Kangaroo
(joined March 2011)
Likes (0)
Greetings Donty,
Please try re-uploading the media, just one as a test, using the media uploader and choosing the protected content group as "None" and lets see what happens.
Still not getting all notices when responses are made, so I have to remember to come back and search through the posts manually. NB even with the notified of followup box ticked.
Responses (14)
Support Kangaroo (joined March 2011) Likes (0)
Greetings donty,
With the htaccess file read only then it is certain the changes between Membership activated and not activated to include permalink modifications will not take place.
By any chance did you upload the media while Membership was activated?
Please advise.
Cheers, Joe
Member (joined March 2012) Likes (0)
Membership was activated and the sample content created within the membership system. Leaving .htaccess with web service write perms is not ideal but usually WP provides you with the .htaccess content it wants to write to the file for you to do so manually.
Can you let me know what lines it adds or changes when membership system is activated?
Support Kangaroo (joined March 2011) Likes (0)
Greetings Donty,
Agreed.
I cannot but I was going on the premise of better being safe then sorry having possible issues arise because of this, and I find that it is much smarter to protect the htaccess file:
When placed in your site’s root .htaccess file, that code will prevent anything from accessing your .htaccess files in the root directory and all subdirectories.
Note that Apache now protects .htaccess files by default, so in most cases there is no need to add this code. It depends on your server setup and general level of paranoia.
The same as the wp-config.php file:
I only brought this subject up because you said:
Now with the htaccess file read only, how could toggling the permalinks have any effect?
The original issue is that visitors can see the unmasked URL for images?
Please advise.
Cheers, Joe
Member (joined March 2012) Likes (0)
Apart from .htaccess I thought permalink setting was also stored in the DB? Often after updates we've seen Permalinks break and need resetting (ie switch then revert) even if the htaccess file is not writeable.
We normally protect the wp-config.php file that way too, don't want them accessing the DB user/password settings or more ;-)
The issue we are suffering from is that media that is marked as public view is in fact not visible when the published media is auto rewritten as /download directory but is directly visible using the /wp-content/files route.
It means we cant get control of images in that we can't publish them to public even when they are public which is why I wondered about the .htaccess requirements as it suggested permalinks were a possible problem.
However if essentially the only protection of such content is simply obscurity using a simple directory rewrite then it probably isn't worth doing to any great extent.
Problem still stands that we can't display images even if we don't use the media to public visitors. To see what I mean check the two links above, they should point to the same image.
Thanks for getting back to me.
Support Kangaroo (joined March 2011) Likes (0)
Greetings Donty,
Thank you for your additional input, it is genuinely appreciated.
After further research I believe the problem has nothing to do with the htaccess file nor permalinks, but rather any number of other possibilities.
So I am going to go through a couple of things to check so that if we cannot get this figured out we have covered as many bases as we could before calling in the lead developer to point out something that we missed or did not think of.
The first thing to do is check that your visitor level is also your stranger level?
Next go to Membership > Options > Downloads / Media Protection (this one: wp-admin/admin.php?page=membershipoptions&tab=downloads )
Lets make sure the "Masked download URL" for downloads to includes the trailing slash i.e. downloads/ (i.e. add the trailing slash)
When uploading the images using the image uploader, make sure you are choosing the protected content group as "None".
Please check these items mentioned above and if we still do not have positive results I will see if I can get the lead developer in here to see if he can advise us to what the issue may be.
Above I have covered every thing I could think of that could possibly cause this issue and some in the previous post.
Please advise.
Cheers, Joe
Member (joined March 2012) Likes (0)
Thanks for the extra pointers, here are the results:
1) Stranger is visitor
2) Added / as the default setting didnt have it
3) Group was set to none for upload and changed once in the gallery.
I will do some more tests and trials with the / in place and let you know if it improves things or not.
Thanks!
Member (joined March 2012) Likes (0)
Hi Again
Unfortunately that seems to not make a difference.
So to recap the issue:
- Media group setup called Public Media
- in Access Levels, Visitor user is given access to Public Media group
- Stranger is set to Visitor
- Trailing slash is in place
- Uploads are not done with a group definition, ie not set to anything.
- Pages with this media attached are seen by Visitor but not the media itself, ie pictures do not show when the page uses /download/ url rewrite.
-The images are visible if Visitor directly connects with the underlying /uploads/ directory.
Look forward to some more feedback on this, don't think I have missed a step?
Support Kangaroo (joined March 2011) Likes (0)
Greetings Donty,
Please try re-uploading the media, just one as a test, using the media uploader and choosing the protected content group as "None" and lets see what happens.
Please advise as to the results.
Cheers, Joe
Support Chimp (joined March 2010) Likes (0)
Hey there, just checking in to see how things are going.
Are you still requiring assistance here or are you sorted now?
If you need to reopen the thread or create a new one then please feel free.
Take care!
Member (joined March 2012) Likes (0)
No that didn't make any difference, whether uploaded as none, inserted as none or not.
Same URL still applies:
http://www.1100district.erotary.org.uk/introducing-district-1100-eclub-2/
Visitor still doesnt see the image media just a blank page, when clicked it gives a 404 on http://www.1100district.erotary.org.uk/downloads//2012/07/ThinkingOutsideTheBox.jpg
Any more ideas?
Still not getting all notices when responses are made, so I have to remember to come back and search through the posts manually. NB even with the notified of followup box ticked.
Support Chimp (joined March 2010) Likes (0)
The path there looks wrong two //.
Can I see a screenshot of the protection page settings please?
Thanks.
Member (joined March 2012) Likes (0)
I think you mean this page, let me know if not. The // may be due to the request earlier to put trailing /?
Support Chimp (joined March 2010) Likes (0)
Would you mind if I take a closer look to debug a little?
If so then can you please use the following form:
http://premium.wpmudev.org/contact/
And include the following:
- Mark it to my attention
- Include a link to this thread
- Include FTP access
- Include full admin access
Thanks.
Support Chimp (joined March 2010) Likes (0)
Hey there, hope you are well!
Just checking in to see how things are going and if you need further assistance.
If you do then please feel free to reopen this thread or create a new one.
Take care and have a fantastic day!
Become a member