My current live site uses Apache Basic Authentication. In some folders, a user that can access the folder may have access only to some files, but not others. With Basic Authentication this is easily accomplished by using <Files>..</Files> blocks inside a <Directory> block with "Require group xxx" in each Files block. (With a different protection group specified for each file group) The protected files are add-ons to a base product. A member who has a base product may also have a half-dozen add-ons. Also, the same add-ons apply to multiple base products. I DO NOT want to put each add-on into a separate folder as this will just makes things a lot more tedious for members. One of my main objectives with aMember is to improve the user experience, not complicate it. The current site provides a separate folder for each base product, but the add-ons appear in each base product folder. If a member tries to download an unauthorized file, the result is a 401, which causes the browser to request new credentials. The 401 is slightly annoying to some, but it all works, and a member trying to download unauthorized content should be happy to not be treated even worse. With new_rewrite, I can theoretically provide a little better experience, avoiding the ugly 401 window. On the aMember CP, I have only been able to find "Protect Folders", I don't see any function to "Protect Files" inside a folder. The quoted statement appears to be incorrect to the extent that the only automated support appears to be support for folders. I want to use aMember new_rewrite to protect individual files within the same folder the same way as presently. The .htaccess will be moved into an enclosing <Directory> block. I am prepared to write the enclosed <Files> blocks myself with the cookie-based mod_rewrite directives. However, I seem to face a number of problems. For starters, every add-on product is displayed on the member page. How can I hide these "files" products from the member page, but have their hash-n files written to /data/new_rewrite when a user logs in? Will I also need to do some script hacking to accomplish my objective?
Quote above is not complete: This is not related to protected files in a folder but to session files that amember create when user login. To do what you need you will need to modify htaccess file manually each time when protection settings will be changed(for example when you want to protect new file etc...) Edit /amember/templates/member.html and modify block that display links. For example do not display link based on product ID.
Thanks. I will look at that. One other issue: The product setup page provides ability to specify additional product that member will be granted access. When I use this, the extra product is displayed on the member page with the same title as the main product that populated it. Why doesn't it display the product's own title? (The link is ok, just the title is wrong) If I manually add a product as "free", it displays with its own title. But, my desire is to specify it on the related product page to avoid having to manually add the included product. Why are the titles different in the two cases?