PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

SSL certificate, upload, location, destination,

  1. Hello Darlings!

    My site has an SSL cert. Recommended clients upload private info, that informs us what kind of support they need. I have looked around the forum for a solution to what I would like to do on the site; I am sure I have seen it but can't find it

    :(

    When clients upload documents they contain sensitive information, I would like to apply a password to the gravity uploads folder via the SSL cert, so a document can only but downloaded via the url link in the email with the password protection. However, I assume that this may prevent stuff being uploaded to it via a form. Is this the case?

    If so, would it be possible for the information to be uploaded to another folder on the domain via gForms?

    If so, how (im sure Ive seen it discussed somewhere else!!!)?

    Thanks RocketGeniuses!!!

    Posted 7 years ago on Monday September 3, 2012 | Permalink
  2. Protecting the uploads is not part of Gravity Forms. However, you can do a couple things:

    1. You can force all access to the upload folder to be via https/SSL by adding this to your .htaccess file:

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} wp-content/uploads/gravity_forms
    RewriteRule ^(.*)$ https://example.com/wp-content/uploads/gravity_forms/$1 [R,L]

    That will work if your host allows that type of override in an .htaccess file. That will force any access to that folder via http to be redirected over https. That protects the request during transit.

    2. You can change the upload directory with the gform_upload_path filter: http://www.gravityhelp.com/documentation/page/Gform_upload_path That will put uploads into a new directory for you. If you do that, the information in item 1 above will need to be adjusted to the new location and URL.

    3. However, none of that will prevent someone with the URL from accessing the document directly. They would just be directed to a secure connection and the download would continue. You can however, protect the upload directory with Apache Basic Authentication, which will force the visitor to log in with a username and password before they can download the file. You can read more about Apache Basic Authentication here: http://www.rahul.net/howto/basicauth.html There are a lot of tutorials online. There are two parts to it. Create the .htpasswd file, and create the .htaccess file. The .htaccess file will go in the upload directory for the form, and will look like this:

    Options -Indexes
    AuthName "Protected Upload Directory"
    AuthType Basic
    AuthUserFile /path/on/server/to/file/htdocs/.htpasswd
    require valid-user

    And then in the file /path/on/server/to/file/htdocs/.htpasswd you will store the authentication information.

    This basic auth does not interfere with the uploads, just the access over http (and https).

    It's a worthwhile customization but will take a bit of work and the help of your system administrator maybe.

    Posted 7 years ago on Monday September 3, 2012 | Permalink
  3. Will have a look and try. Phew thats a long one.

    Posted 7 years ago on Monday September 3, 2012 | Permalink
  4. There is a lot to it, but I did it on an installation I have in about 30 minutes or so, including the form. So, for a competent systems administrator, it should not take too long. On shared hosting, it might take longer to accomplish, depending on the support you receive.

    Posted 7 years ago on Monday September 3, 2012 | Permalink
  5. cheers chris!

    i will have a go.... I'm doing too many things here

    (rolling of eyes)

    Posted 7 years ago on Monday September 3, 2012 | Permalink
  6. Hi Chris,

    I pasted...

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} wp-content/uploads/gravity_forms
    RewriteRule ^(.*)$ <a href="https://example.com/wp-content/uploads/gravity_forms/$1" rel="nofollow">https://example.com/wp-content/uploads/gravity_forms/$1</a> [R,L]

    but replacing the the URL with my domain and wordpress install folder.

    However I get an internal server error.

    this is currently what my .htaccess file looks like

    DirectoryIndex index.php
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    where exactly should it go so I so I don't get the internal error?

    I think I'm being lame here

    Posted 7 years ago on Friday September 14, 2012 | Permalink
  7. The syntax looks OK. I would put your rules right where blank line 2 is in the default WordPress .htaccess file.

    It's possible your host does not support these overrides in an .htaccess file. You will need to contact your host or look at the Apache error logs to see what the problem is that is causing the 500 Internal Server error.

    Posted 7 years ago on Saturday September 15, 2012 | Permalink
  8. Just to say this is sorted now!

    Posted 7 years ago on Sunday September 23, 2012 | Permalink
  9. How did you resolve the problem Joseph?

    Posted 7 years ago on Sunday September 23, 2012 | Permalink
  10. As you suggested. Also placed a username password on the folder!

    Posted 7 years ago on Sunday September 23, 2012 | Permalink
  11. OK, thank you for the update.

    Posted 7 years ago on Monday September 24, 2012 | Permalink

This topic has been resolved and has been closed to new replies.