Support » Plugin: BuddyPress Docs » How do I secure my BuddyPress Docs attachment directory?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Boone Gorges

    (@boonebgorges) is a starting point.

    Can you say more about your server setup? In particular, are you running Apache? What is your setting at Dashboard > Settings > Permalinks?

    Also, can you verify that the message is, in fact, correct? Upload an attachment to a private Doc. Then try to access the attachment directly, while *not* logged in. You should use the true file URL, so instead of (eg), use If the attachment is actually being protected, the latter URL will fail (you’ll be bounced to wp-login.php).

    Thank you for your great support.

    The error message is correct. If I enter the URL


    into a logged-out web browser the document is seen.

    I am using the Bitnami multisite distribution. This uses Apache and in httpd-app.conf I find

    <Directory "/opt/bitnami/apps/wordpress/htdocs">
        Options +MultiViews +FollowSymLinks
        AllowOverride None
        <IfVersion < 2.3 >
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.3>
            Require all granted
        </IfVersion>
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.php$ - [L]
        # uploaded files
        RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . index.php [L]
        <IfDefine USE_PHP_FPM>
            RewriteEngine On
            RewriteOptions Inherit
            RewriteRule ^(.*\.php(/.*)?)$ fcgi://uds=%2fopt%2fbitnami%2fphp%2fvar%2frun%2fwordpress.sock/%{REQUEST_FILENAME} [P,L]
        </IfDefine>
    </Directory>

    I understand that this is the wrong setting for AllowOverride.

    Please tell me the correct setting for AllowOverride because this is not obvious from the Apache documentation.

    Many thanks,

    Plugin Author Boone Gorges


    Thanks very very much for testing, James. I’m still trying to hone this system, so your feedback is invaluable.

    You are correct that AllowOverride is the problematic bit. Unless you have a strong reason not to, you should change it to AllowOverride All and restart Apache. Let me know what you find.

    That fix worked.

    The Bitnami distribution comes with

    AllowOverride None

    Have they made a mistake (in which case I will tell them) or might there be a good reason for this setting?
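
Added example, not part of the thread and not BuddyPress Docs or Bitnami code: a small audit that reads an Apache configuration and reports which AllowOverride value applies to the directory holding a .htaccess file, since AllowOverride None makes Apache ignore that file. The sample configuration is constructed from the excerpt above; the second `<Directory>` section and the paths under `wp-content` are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample modelled on the httpd-app.conf excerpt in this thread,
# plus a hypothetical narrower section for an uploads directory.
SAMPLE_CONF = '''
<Directory "/opt/bitnami/apps/wordpress/htdocs">
    AllowOverride None
    <IfVersion >= 2.3>
    Require all granted
    </IfVersion>
</Directory>
<Directory "/opt/bitnami/apps/wordpress/htdocs/wp-content/uploads">
    AllowOverride FileInfo
</Directory>
'''

# Only plain <Directory> sections; DirectoryMatch and regex forms are skipped.
DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'^\s*</Directory>', re.I)
OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I)

def allow_override_sections(conf_text):
    """Return {directory: AllowOverride value} for plain <Directory> blocks."""
    found, current = {}, None
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = DIR_OPEN.match(line)
        if m:
            current = m.group(1).rstrip("/") or "/"
        elif DIR_CLOSE.match(line):
            current = None
        elif current and (m := OVERRIDE.match(line)):
            found[current] = m.group(1)
    return found

def effective_override(conf_text, target):
    """Value for target: the longest enclosing <Directory> section wins."""
    target = PurePosixPath(target)
    best, value = -1, "None"  # Apache 2.4 default when nothing is set
    for directory, setting in allow_override_sections(conf_text).items():
        d = PurePosixPath(directory)
        if (d == target or d in target.parents) and len(d.parts) > best:
            best, value = len(d.parts), setting
    return value

def htaccess_honored(conf_text, target):
    """True when a .htaccess file in target would be read by Apache."""
    return effective_override(conf_text, target).lower() != "none"
```

Pass the directory that contains the .htaccess file as `target`; a result of `False` means the file's rules are silently ignored, which is the situation described in this thread.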



  • The topic ‘How do I secure my BuddyPress Docs attachment directory?’ is closed to new replies.