This is, unfortunately, a nature of externally hosted files. Since we cannot download a remote file like we would one hosted on the server, we have to simply redirect to it. The downside to this is that the URL can become visible.
If you wish to fully protect remotely hosted files, you will need to use Amazon S3 or Dropbox to host the files:
https://easydigitaldownloads.com/extensions/dropbox-file-store/
https://easydigitaldownloads.com/extensions/amazon-s3
Incidentally both servers, that is server whose wordpress is accessing files and the remote server whose files are being accessed have wordpress installed. Can’t two wordpress installations with easy digital downloads installed in both of them talk to each other securely…
Let us say that the direct URL of the file on remote host is visible while using easy digital downloads. Is it not possible to have some specific server configuration on remote host that it allows downloads when referer is only a specific external domain.
That could probably be done, yes, but it will require some custom htaccess rules.
The following has been tried without much success:
RewriteEngine on
Options +FollowSymLinks All -Indexes
RewriteCond %{HTTP_HOST} !^(www\.)?alloweddomain.com$ [NC]
RewriteRule .* 404.shtml
Can you elaborate on what code should be used in .htaccess file.
I don’t know the rules off the top of my head, sorry. htaccess rules are not my strong suit.
Besides the issue of visible URL, what could be the issue that the file is not downloading – it is simply playing in the browser.
Take a look at this post, it will show you some htaccess rules you can use to prevent that: http://css-tricks.com/snippets/htaccess/force-files-to-download-not-open-in-browser/
The following code in the .htaccess file of the remote server is enforcing file download:
ForceType application/octet-stream
Header set Content-Disposition attachment
However, EDD is not able to rename the file. In spite of entering file name in the field as shown in the screenshot, the same file name is downloaded that is there in the original URL of the file.
That’s another result of it being a remote file. The only thing EDD can do is redirect to that file. It can’t alter the name of it.
I have the same problem the url is available, but I changed it to force download, and it uses the purchaers email in a long string to get the file, its masked.
However the item they purchased has 3 download links, only the first link is available, the rest get a 404 error. The file is there, this is too much trouble.
I saw you opened a new, separate ticket so I am going to help resolve your issue there.
