SecurityAssist to secure entire folder rather than specific page?

It's been quite a while since I manipulated anything directly in SecurityAssist, so I'm not sure how to go about this. Client needs some uploaded documents secure and only accessible by users who are logged in and meet a user level threshold.

Is there an easy way to apply a SecurityAssist rule to an entire folder rather than individual pages? The folder will contain mostly PDFs so I can't go through and manually insert code to require authentication on each PDF.

There is no way to secure non-php pages with SecurityAssist.

In order to secure pdf files, I have uploaded the files to a folder outside of the web root, so they can't be downloaded directly.

Then create a .php page that is secured with file download server behaviors to download the files. This is something I could help with in a premier support ticket.

If the folder for secure files is outside of the web root, can you upload files to those folders from an insert/update form? Not sure what the file path would look like outside the web root.

I usually use a folder one up from the web root and just use ../ to reference it. Yes you can upload files to that folder as well.

"Then create a .php page that is secured with file download server behaviors to download the files." Just looking for clarification, so you're suggesting something more advanced needs to be done than just securing that PHP page in general with SecurityAssist? If the file is outside the web root so no one can view the folder directly and the PHP page that directs them to that file is secure, I'm not following what additional would need to be done.

If you have everything in a database, then you might not need to do anything additional.

But if you are listing the files in a folder, then you might need to write some php code to do it.

So I've been experimenting with the idea but I'm having trouble with the idea of storing documents in the web root. The ../ in the public_html/ doesn't seem to get you to another folder in the web root.

https://www.touchtronics.com/test.html

This has the link <a href="../testsecure/success.html">Test it here</a> which, if we're storing the files in a folder called /testsecure/ in the root directory, you'd have to get to those files with a link to download like that. I've created that page in the root directory, but the ../ doesn't seem to get you to the root, you remain in the public_html/ directory.

Is this the right line of thinking and if so what am I missing?

Please attach a copy of the page you are working on. "../" should get you above the public_html directory. It sounds like you are doing it right.

It's https://www.touchtronics.com/test.html you can view the source

I need to see the php code. The problem wouldn't be in the source. Please attach the file. I may even need FTP access to fully debug.