Directory security


We have a web-based software that we use for the organization. I moved it under cloudflare proxy and I think I have secured it with various waf rules. But there is a problem like this; this system is a system that can be logged in with a username and password, but some urls are open to access without a username and password, I can see this when I test it. For example:

How can I block access to such urls without logging in? I have a lot of urls and I want to do it on a folder basis. Only users who are actually logged in should be able to access these files. Can you help me with this?

Please don’t share links to files

the link I shared was not a real link, it was just an example (fake) link to make my point clearer

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.