Community Support Forums

[Artist]

Well, I watched the many setup videos, read many posts about URI's here and finally decided it was time to either redeem my busted pride or discover a a hereto unknown bug. I cannot for the life of me get the URI restriction boxes to work. I'm running the latest of s2member Pro and here's the setup:

Original URL for Level 2 members:
www.mysite.com/directory/zone/awesomestuff/catface.gif

"URIs That Require Level #2 Or Higher" box set to:
/zone/

Everything nicely setup as intended and looks good but when I do a test (as a non logged in person). I can still go directly to:
www.mysite.com/directory/zone/awesomestuff/catface.gif

OK - I accept my shame and at this point admit it must be something blazingly simple. I await my answer but continue to work on the issue!

[Artist]

OK - I tried an experiment. I did the site block trick by entering a hash "/" alone in the URI restriction box. The various links on the site were locked down but I could still for some reason linked directly to image content on the site. like so:

www.mysite.com/directory/zone/awesomestuff/catface.gif

Is it possible I'm doing something incorrectly? It's not as helpful to have a member site and people able to access content directly via a link. I even tried the "Alternative View Protection" options and didn't have any luck.

So, I guess the question I have is if the URI restrictions are supposed to lock down queries using the indicated string. If I entered "zone" in the URI box I'm expecting the above URL to be invalid to anyone but members. Is that how it works?

Any help is appreciated!

[catchacold]

I am wondering this also.

[Artist]

I also should add that that the content I am speaking about is not directly linked anywhere on my actual pay site. It's content I'm holding in storage for a later unlock. I'm guessing that shouldn't matter but I wanted to mention it.

[catchacold]

FYI - This helped me

[Artist]

Welp, I'm kinda at a crossroads. I am not sure what I'm doing incorrectly or if I am am experiencing expected functionality. Any thoughts from the Admins is appreciate. To reiterate, I did go through the videos, posts here and did a couple experiments. I am looking for a way to lock out non-members from URL's linked to membership/protected folders.

Anyone?

[Jason Caldwell]

Thanks for your inquiry.

OK - I tried an experiment. I did the site block trick by entering a hash "/" alone in the URI restriction box. The various links on the site were locked down but I could still for some reason linked directly to image content on the site. like so:

http://www.mysite.com/directory/zone/aw ... atface.gif

s2Member® will only protect content that is served via WordPress. Static image files and other media are not protected. However, it is possible to protect static images, media or any other file type with s2Member's File Download Restrictions. See: s2Member -> Download Options in your Dashboard please.

I'll address your other questions momentarily.

[Jason Caldwell]

You wrote...

"URIs That Require Level #2 Or Higher" box set to:
/zone/

Let's take a look at your Permalink Settings for WordPress please. If your Permalink settings do NOT have a trailing slash, then your URI Restriction shouldn't either.

For instance, with Permalink settings that do NOT have a trailing slash, you would protect this URI:

Code: Select all

/zone

For the best reliability (i.e. to prevent /zone-abc from being protected as well, perhaps inadvertently), it is always best to choose one of the default Permalink options presented by WordPress, most of which include a trailing slash at the end. That way /zone/ will work as expected for you, and with 100% precision across your entire site. See attached screenshot please.

SNAG-0009.png (39.62 KiB) Viewed 289 times

[Artist]

Thanks for the reply Jason and I’ll check it out when I’m back in the office later. One thing– I’m nearly certain (note my use of the word “nearly”) I am not using the custom structure option you are pointing to. Also I recall doing every variation of zone with hashes:
• /zone/
• /zone
• zone/
• zone

None of them worked and all of them allowed me to link directly to the content.

Am I to understand that the URI restrictions would protect any content nested under the above link structure? For instance if I have files chillin’ in folders but not linked directly anywhere on the site they would be locked down correct?

Also –I added the caching program you all wrote (Super Cache, correct?) and it does indeed seem to speed things up. I don’t have a whole lot of plugins running but my site is art heavy and there are a lot of gallery pages for members and non-members. Any speed increasing tips are certainly welcome. In the meantime I need to sort out this particular issue before my site goes live. Right now it’s not effective if people can directly link to “protected” files.

I’ll re-verify the “zone” variations above but realize I did try the whole site lockdown you recommend in your videos by entering the “/” alone in the URI restriction field. I was not able to get to any pages as expected but when I did a direct link to a file I was able to see it.

I do feel it must be some brain dead answer I’m missing so I’ll keep plugging away – I’M NOT DEAD YET! Hahahah

[Artist]

Jason (and team),

I did some experimenting and my permalinks were indeed set to one of the above defaults (I cycled through a few to be safe) - nothing seemed to help. I sent you guys a direct letter to your googlegroups address with more info but it pretty well boiled down to this test I ran:

1. FTP an image on your website/server – somewhere, anywhere – like this:
http://www.mysite.com/directory/zone/cute/bunny.jpg
2. Do no link this image to *anything* on your site via Wordpress, just let it sit there untouched
3. Go to URI restrictions and put a simple hash “/” in the level 0 or 1 URI boxes and lock down your entire site.
4. Log out
5. Try to go to the above URL

In my test you can see this image even when that hash is supposedly locking down my site. Is this intended?

Again - maybe I'm missing something big.

Help welcome!

[Jason Caldwell]

Hi there. Thanks for the follow-up.

Right, as I mentioned earlier, this is to be expected. s2Member® will only protect content that is served via WordPress. Static image files and other media are not protected by s2Member (nor should they be), because they do not pass through s2Member. In other words, these files are NOT served via WordPress, thus not served or protected by s2Member either.

*Note, it IS possible to protect static images, media or any other file types with s2Member's File Download Restrictions though. Please see: s2Member -> Download Options in your Dashboard please.

There is a distinction with s2Member between "content" and "files". What you're trying to protect is a file, it's not "content" within WordPress. So you'll need to use s2Member File Download Restrictions for this.

[Artist]

JASON!!! Thank you!

OK - I understand a LOT more about what you are saying now. Makes MUCH more sense and I think I can work around the things I'm seeing now that I understand the way this works... OK one final question that will help a LOT. Let's say I have the setup:

http://www.mysite.com/s2member-files/bunny_01.jpg

and I make it a Level 0 requirement in the download options section with an unlimited/999999999 restrictions for that level. Will this essentially lock out anyone *but* members from accessing this content yet allow members to proceed with downloading via gallery links or the like without any "JavaScript confirmation" prompting? That's about the best thing I can imagine at this point and I am pretty sure I can work directly with that option.

Thank you again - very, very helpful!

[Jason Caldwell]

I make it a Level 0 requirement in the download options section with an unlimited/999999999 restrictions for that level. Will this essentially lock out anyone *but* members from accessing this content yet allow members to proceed with downloading via gallery links or the like without any "JavaScript confirmation" prompting?

Yes, that is correct. If you allow unlimited file downloads at Level #0, you're telling s2Member that anyone with access at Level #0 or higher, will have unlimited access to your File Downloads, all other visitors will be denied access.

Please note, when serving "Inline" files such as image files, you will want to include that specification in your link to the file. For instance: http://www.mysite.com/s2member-files/s2member-file-inline/bunny_01.jpg
For further details and documenation on this, please check your Dashboard under: s2Member -> Download Options -> Advanced Mod-Rewrite Linkage.

You may also want to have a look in your Dashboard at s2Member's documentation for the JavaScript confirmation prompt, or the exclusion thereof. See: s2Member -> Download Options -> Basic Download Restrictions -> s2member_skip_confirmation