This is Interesting: Free Magazines for Graphics designers and webmasters
Home > Archive > Webmaster forum > September 2006 > Restrict File Access using .htaccess ?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Restrict File Access using .htaccess ?
|
|
| jerryyang_la1@yahoo.com 2006-09-24, 6:59 pm |
| I have a directory full of files (zip, pdf, exe, xls)
The directory structure is:
http://www.domain.com/Downloads/
I don't want users to be able to specify a full file url to download
any files.
IE: I don't want them to be able to enter as the url:
www.domain.com/Downloads/filename.zip
I only want them to have access to the files, if they follow a link
from files.php.
This is located at: www.domain.com/files.php
In files.php, the links are coded as /Downloads/filename.zip
Anyway to do this ??
Many Thanks
| |
| David Dorward 2006-09-24, 6:59 pm |
| jerryyang_la1@yahoo.com wrote:
> I only want them to have access to the files, if they follow a link
> from files.php.
> This is located at: www.domain.com/files.php
> Anyway to do this ??
The short answer is "no".
The slightly longer answer is "You could check the referer header, but is
optional and not uncommonly munged"
You could also look at keeping the files outside the webroot, and having a
PHP script serve them up if passed a time sensitive token you generate on
the index.
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
| |
| jerryyang_la1@yahoo.com 2006-09-24, 6:59 pm |
|
David Dorward wrote:
> You could also look at keeping the files outside the webroot, and having a
> PHP script serve them up if passed a time sensitive token you generate on
> the index.
>
> --
> David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
> Home is where the ~/.bashrc is
Thanks.. Any examples of how to do this ??
I'm new at this !!
| |
| The Chipster 2006-09-24, 6:59 pm |
| Really there's no way of doing exactly what you want, but you could use a
php download script to manage them. There's several out there. Some make
the downloader supply their email before they are able to download, some use
a captcha image, and others are password protected. Just depends on how you
would like to do it. Try the file download script section over at the php
resourceindex at
http://php.resourceindex.com/Comple...le_Downloading/
<jerryyang_la1@yahoo.com> wrote in message
news:1158785727.522332.308570@d34g2000cwd.googlegroups.com...
>I have a directory full of files (zip, pdf, exe, xls)
>
> The directory structure is:
> http://www.domain.com/Downloads/
>
> I don't want users to be able to specify a full file url to download
> any files.
> IE: I don't want them to be able to enter as the url:
> www.domain.com/Downloads/filename.zip
>
> I only want them to have access to the files, if they follow a link
> from files.php.
> This is located at: www.domain.com/files.php
>
> In files.php, the links are coded as /Downloads/filename.zip
>
> Anyway to do this ??
>
> Many Thanks
>
| |
|
|
jerryyang_la1@yahoo.com wrote:
> David Dorward wrote:
>
>
> Thanks.. Any examples of how to do this ??
> I'm new at this !!
1) Read in the data of the .ZIP file (I'm not sure if
file_get_contents() would be appropriate, as it returns a string, but
that's the first thing I'd try)
2) Set the content-type to whatever the ZIP mimetype is
(application-x/zip?)
3) Output the data you grabbed from your ZIP file
I've never done this personally, but I've done something similar with
images before. Read in data-set content type-send out data
|
|
|
| | Copyright 2003 - 2008 forum4designers.com Software forum Computer Hardware reviews |
|