Hello @pctevree ,
The difference is that the pdf with the Download Monitor image have been uploaded from the Download Monitor uploader, used when creating/editing a Download, and the ones that do not have the Download Monitor image have been uploaded directly to the Media Library.
Please keep in mind that the ones uploaded through the Download Monitor uploader are uploaded in the protected dlm_uploads folder found in wp-content/uploads/, and they are protected from direct access.
Warmly,
Razvan
Ok, thats helpfull but…
Path to my pdf with only a lock and no “download monitor image” is:
https://maseraticlub.nl/wp-content/uploads/dlm_uploads/2024/07/xxxxxxxx.pdf
Path to the pdf with a lock AND ALSO a “download monitor image: is:
https://maseraticlub.nl/wp-content/uploads/dlm_uploads/2023/06/xxxxxxxxx.pdf
And both can be accessed DIRECTLY in a incognito browser (indeed when you know the filenames)
But also, if i use the uploader here:
https://snipboard.io/YA7zxb.jpg
I get to see it like this:
https://snipboard.io/1RWbTn.jpg
Guess im missing out something?
And indeed:
https://maseraticlub.nl/download/4787/?tmstv=1721893878 is protected
But this one not:
https://maseraticlub.nl/wp-content/uploads/dlm_uploads/2024/07/test.pdf
(and i still dont have the image wich tells me its done ok?)
-
This reply was modified 1 month, 3 weeks ago by Web-Pepper.
-
This reply was modified 1 month, 3 weeks ago by Web-Pepper.
-
This reply was modified 1 month, 3 weeks ago by Web-Pepper.
Think there should be some images there, that have been stripped.
Regarding the access with incognito, could you please let me know what kind of server you are using? If it’s nginx, you’ll need to protect the dlm_uploads folder by adding rules to the nginx config.
https://imgur.com/a/0F6qXo0
As for the Download Monitor image, took another look and indeed, seems we only set the preview image icon to images or files that have sizes, in this case the .pdf not being one of them.
Warmly,
Razvan
I dont think Siteground allows me to modify the NGinx:
NGINX Direct Delivery
With NGINX Direct Delivery we will serve most of the static resources of your website (images, JS, CSS and others) directly through NGINX to achieve the fastest possible loading time. It works for all kind of applications without additional customisation. For best results we highly recommend having NGINX Direct Delivery enabled at all times. However, if you need to use custom caching .htaccess rules for your static content you may need to switch it off.
So i disabled it, and renewes the .htaccess file.
For now, i still dont have that splash-screen-image (do have the lock icon) on the PDF in the media library AND.. more important.. the file is not accessable in an incognito browser.
In your opinition… are my files safe like this?
If it’s not accessible directly that means they are safe 😀
You could talk to the host and have them modify the config and still have the NGINX Direct Delivery functionality on, I think.
Warmly,
Razvan
Will try and i will report back to you here what Siteground has to say about that.
(will be later today)
Siteground Support cannot grant my request to add the lines to NGINX cuz the settings are not for indivudual accounts, but for the whole server. So… Guess we have to do without NGINX and with the “.htaccess solution”.
Thank you for your input!