I just did an installation of WebFM (nice module!) but have one problem...
Anyone knowing how to construct the Web File Manager access URL (http://www.example.com/webfm_send/###) can access the WebFM files, even when they are not authenticated to the site through Drupal.
Comments
Comment #1
robmilne commented
Not if you place a .htaccess file in your webfm root dir (or 'files' dir) and the file permissions are not set to public.
For an example see http://vera-ikona.com/node/168
Comment #2
jjohns4 commented
On this site, the following .htaccess file is placed in the webfm root:
SetHandler Drupal_Security_Do_Not_Remove
Deny from all
The Download Method at admin/settings/file-system was set to 'public' (following the advice in another WebFM article), but I have now changed it to 'private'.
That solved the problem.
Thanks.
Comment #3
robmilne commented
Wrong. For webfm to function securely the file-system should stay public. Put your own .htaccess file into webfm root. Use Google for info on how to set it up and to generate a .htpasswd file.