Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+1 vote
370 views
in Q2A Core by
reopened by
How can I prevent browsers from accessing the files inside qa-plugin? for example the zip file of an uploaded plugin.
Q2A version: 1.8

1 Answer

+2 votes
by
selected by
 
Best answer

Not sure what zip file you're referring to, but once you've extracted a plugin to its directory you don't need the zip file anymore so can delete it, or move it outside the public directory.

To block access, if you're on Apache server you can put a .htaccess on that directory with this:

Deny from all

This allows access from PHP and stuff on the server, but prevent access through the browser. Be warned that it prevents access to all files, so if you have some CSS/JS or some PHP files that you load manually through the browser they will not work. You can copy the htaccess to multiple subfolders if required.

Another option is to limit access to certain file types only. I think this would work:

<FilesMatch \.zip$>
    Deny from all
</FilesMatch>

...