Bonjour,

I am trying to set the file system download method to "private", and remain unclear how I can specify the path to the files folder.

This post seems to answer the question (?), but I don't understand it...

If, in my server root folder, I have a "public_html" folder and another folder at the same level called "drupal_files" (therefore files in the latter folder cannot be accessed via http), how can I reference that folder in the "File system path" field?

Thanks!

Patrick

Comments

styro’s picture

../drupal_files

Assuming Drupals index.php is in your public_html folder - the path is relative to index.php. If it is another level down in a subfolder, you'll need to use:

../../drupal_files

That worked for me in 4.7 and 5 - I don't use private files in 6 anymore though.

--
Anton

Fidelis’s picture

Ok that worked - thanks!

BTW - why did you choose not to use it anymore? *curious*

I am using this primarily to avoid "hot-linking" to contributed docs... I read that there are performance issues, but I have not seen quantitative comparisons between the two methods, so I don't know if this is really a serious issue or not.

Thanks again!

pat

styro’s picture

With public downloads, Drupal isn't involved - it is purely the webserver handling a static file transfer. With private downloads, there is a full Drupal bootstrap with all the DB queries that entails.

Also (from memory - things might've changed in 6) private downloads mean you can't use the CSS/JS aggregation functionality. I think the color module stuff is in the same boat, but I don't know for sure as I don't use that.

If you are just preventing hot linking, there are clever ways of using Apache (eg mod_rewrite and possibly others) to look for a referer header from your site. Note that header can still be spoofed, so it isn't protecting the files in any way just preventing the leaching. I don't think (not entirely sure though) that a remote website can make it's own unwitting visitors spoof the referer header.

I reserve private downloads for when I really need Drupal itself to decide who gets to access them or not. There was talk of being able to mix public and private on the same site one day, but I'm not sure if they has been any progress on that. In any case if you know how modules work it is possible to make a custom clone of parts of the upload module and configure it (or hardcode it) differently.

--
Anton