Prevent access to asset from one URL but not another

(Nic Hubbard) #1

Matrix Version: 5.4.3.1

We ran into an annoying issue recently that I cannot figure out how to fix. We are building a new website and have new designs, etc. There are hundreds of news articles that we have on our site that are on our old site, and also linked to our new site with the new design. Somehow someone got the link to the new design version of the news article and posted it on Facebook.

So. Is there any way to restrict access to any users on our new design that has a different subdomain, when those assets are shared with our old/current website?

The other strange thing is that even though the design asset is Under Construction with no public access, that asset is still accessible with plain text navigation, header, etc etc that are in the design asset.

(Douglas (@finnatic at @waikato)) #2

I don’t know what your setup with Matrix / the PUC network is, but we’ve secured development sites previously at the httpd server level e.g. Apache - putting restrictions in place requiring the request either be from an appropriate IP and/or authenticated.

It doesn’t stop people who don’t know better from sharing those links in public, but can stop public access before you’re ready to deploy a development.

(Nic Hubbard) #3

Can you make Apache force a Matrix auth login? I would prefer for it to show the login if possible.

(Douglas (@finnatic at @waikato)) #4

I’m not sure… we’re normally the other way around, wanting to force our organisational auth login up front, with Matrix login occurring silently using the HTTP Authentication Variable option.

I would suspect it’s a combination of pushing unauthenticated users to a _login suffixed page, alongside configuring Apache to recognise Matrix authentication but not my area of expertise.

(Nic Hubbard) #5

I ended up just making sure the user accessing it was logged in, if not, stop rendering the page:

<MySource_AREA id_name="exit_area" design_area="exit" print="no"></MySource_AREA>
<MySource_AREA id_name="logon_box" design_area="show_if"> 
<MySource_SET name="condition" value="logged_in" /> 
      <MySource_THEN></MySource_THEN>
      <MySource_ELSE>
        <MySource_PRINT id_name="exit_area" />
    </MySource_ELSE>
</MySource_AREA>
(Robin Shi) #6

would you check the new article asset if it’s been set with “new” or “override” design of the new parse file/customization? Can you try control the access via permission of the design asset instead of its status?

(Nic Hubbard) #7

See my solution above. :slight_smile: