My Drupal install was set to download method: Private Files, with the files directory being at "../../files" (outside of the web root). Following the installation instructions for this module, I changed to download method: Public Files, but of course the links on my site broke. I realized I won't ever going to get them working this way, because Drupal's Public Files handling cannot virtualize the location of files outside the web root, as Private Files handling can.

If I move my files directory into the web root, they can be downloaded directly by address, so they are no longer very "private." Is there some kind of htaccess trickery I can do that lets Drupal get files in folders I set up to be private, but keeps outsiders from getting to them? Since locating the files folder outside of the web root is one of the big draws of the Private File handling, you may want to address that it is now impossible when choosing this "mixed" file system route.

Comments

Northerner’s picture

Northerner commented
Status: Postponed (maintainer needs more info) » Closed (fixed)

Northerner again... I'm guessing your instruction saying to put "Deny From All" in the htaccess handles my access concerns... but I'm guessing I will need to move all my files into the web root to use this module. Not a problem as long as the files are "Denied From All"
I suppose.. I will close this issue. You may still want to add something to your documentation mentioning that the private files must be inside the web root (if my understanding is correct).