Hi,
I have a site with some custom user groups and restricted content.
The restricted content contains a file upload field (also restricted) and the uploaded fields are stored in a directory that is disallowed in robots.txt and in addition password protected
In spite of that Google did index the content and it's downloadable through a link formed as follows:
http://www.domain.com/component/cck/?task=download&file=field_name_for_file_upload &id=xxxxx
I don't want this url to be indexed and this file to be accessible.
How can I prevent 1) google to index this and 2) even if this url were to be type in the browser bar, the file to be accessible.
Thanks for your help.
Xav
Hi,
you need to set right access level and/or restriction on this field - button 4 in the item or blog view or in the search item/list view.
Hi,
Unfortunately it doesn't work . I had restricted the content type AND the field AND the directory in which the files are stored, this directory is in the disallow list of the robots.txt.
The problem is the URL that is generated by Seblod to download the file somehow "leaked" to google but that's not the worst part. The URL is accessible by just about everyone because it's not the direct path to the file in the directory (password protected via .htaccess) but a link following this pattern:
http://www.domain.com/component/cck/?task=download&file=field_name_for_file_upload &id=xxxxx
Seblod should not allow users to follow this link when they are not logged in with the necessary access rights, but it does.
All the access restriction on the list field does is not display the link but if anyone can "guess" the link they can see the content. It's a serious securyti issue.
Regards.
Xav
Hi,
indeed this should not happen, please report it on the tracker.
Hi,
I posted a tracker issue:
http://www.seblod.com/resources/tracker/20148
Regards.
Xav.