I’ve tried a couple of different .* combos, but obviously I don’t know what I am doing as the security logs repeatedly have this line for a digital download we offer to members only. The file gets stamped with member information prior to download, so a new version with a really long file=… string ends the link. It shows in the logs as a 403 error and I worry some members are not getting their downloads – though none have reported an error either. Can this kind of random string be whitelisted?
REQUEST_URI: /wp-content/plugins/wp-cart-for-digital-products/download.php?file=21qZ..........
Thanks!