Protect WordPress Media Files on Pantheon Hosting

Pantheon does not support .htaccess redirects nor nginx.conf modifications. Its Global CDN caches all static assets including images, PDFs, ZIP files as well as those protected by our Prevent Direct Access (PDA) Gold.

Fortunately, there is a way to redirect protected files making sure they’re accessible only to those with permission.

In order for our PDA Gold to work properly, you should:

  1. Stack Cloudflare on top of Pantheon’s Global CDN
  2. Set up Cloudflare Page Rules
  3. Enable our Raw URL options

Set up Cloudflare Page Rules to redirect protected files

Once setting up Cloudflare CDN stacked on top of Pantheon’s, go to “Page Rules” under Cloudflare admin dashboard and create a new Page Rule as follows:

  • Match this rule:*
  • With these settings
    • Forwarding URL – Select 301 or 302 for permanent or temporary redirect
    • Input your No Access page, e.g.
  • Click “Save and Deploy” this page rule.

Once done, direct access to your protected file URL is blocked and redirected to your selected no access page.

Finally, enable our Raw URLs and protect files as usual. Your private files are now protected against everyone but your authorized users.

Lasted updated on January 31, 2020