Although there are advantages to a flat file system, I have to wonder about keeping anything private. Can anybody get to files on Grav just by the URL?
I’m also interested in this. Following.
@walterbyrd, @marcocevoli Although I’m not that well versed in .htaccess, I think (and correct me if I’m wrong) the following snippet will block all sorts of file types in the /user tree and also all *.md files anywhere in your site:
# Block access to specific file types for these user folders
RewriteRule ^(user)/(.*)\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
# Block all direct access to .md files:
RewriteRule \.md$ error [F]
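A quick way to check what the two rules above actually cover, added here as an example and not part of the original post: the script below applies the same patterns to a list of constructed sample paths. It assumes the rules live in the site root's .htaccess, where mod_rewrite matches the path without its leading slash or query string; the function names and sample paths are made up for illustration.

```python
import re

# The two RewriteRule patterns from the post above. In a per-directory
# (.htaccess) context mod_rewrite matches the URL path with the leading
# slash removed and without the query string; this harness assumes that.
RULES = [
    ("user-tree file types",
     re.compile(r"^(user)/(.*)\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$")),
    ("any .md file", re.compile(r"\.md$")),
]


def to_match_target(url):
    """Reduce a request URL to the string an .htaccess RewriteRule sees."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    return path.lstrip("/")


def blocking_rule(url):
    """Return the name of the first rule that would answer 403, or None."""
    target = to_match_target(url)
    for name, pattern in RULES:
        # RewriteRule patterns are unanchored unless they use ^ or $,
        # and case-sensitive unless the [NC] flag is given.
        if pattern.search(target):
            return name
    return None


# Constructed sample paths (hypothetical, not taken from a real site).
SAMPLES = [
    "/user/pages/01.home/default.md",
    "/user/config/system.yaml",
    "/user/accounts/admin.yaml?x=1",
    "/README.md",
    "/user/pages/01.home/photo.jpg",
    "/user/data/export.json",
    "/user/pages/01.home/DEFAULT.MD",
]

if __name__ == "__main__":
    for url in SAMPLES:
        rule = blocking_rule(url)
        print(f"{'403' if rule else 'pass':4}  {url}  ({rule or 'no rule matched'})")
```

Extensions missing from the list (such as .json) and upper-case extensions pass through these rules as written; extending the list or adding the `[NC]` flag closes those gaps.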
I had to write a little plugin that looks at a page’s frontmatter, and if it contained “private_content: true”, then it is hidden from the archive page creation, and if someone were to access it via a URL (i.e. someone shared a link) it returns the 404 page. I am still working on the part of the plugin that allows access to the content should a privileged user access the content.