Although there are advantages to a flat file system. I have to wonder about keeping anything private. Can anybody get to files on grav, just by the URL?
Community guidelines
Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.
General
I'm also interested in this. Following.
@walterbyrd, @marcocevoli Although I'm not that well versed in .htaccess, I think (and correct me if I'm wrong) the following snippet will block all sorts of file types in the /user tree and also all *.md files anywhere in your site:
TXT
# Block access to specific file types for these user folders
RewriteRule ^(user)/(.*)\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
# Block all direct access to .md files:
RewriteRule \.md$ error [F]
last edited 06/12/20 by pamtbaau
I had to write a little plugin that looks at a pages frontmatter, and if it contained "private_content: true", then it is hidden from the archive page creation and if someone were to access it via a url (i.e. someone shared a link) it returns the 404 page. I am still working on the part of the plugin that allows access to the content should a privileged user access the content.
Log in to reply.
Suggested topics
| Topic | Participants | Replies | Views | Activity |
|---|---|---|---|---|
| 2 | 101 | 16 hours ago | ||
| 1 | 68 | 21 hours ago | ||
| 0 | 53 | 1 day ago | ||
| 6 | 361 | 5 days ago | ||
| 3 | 49 | 6 days ago |