Restrict File Access using .htaccess ?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have a directory full of files (zip, pdf, exe, xls)

The directory structure is: /

I don't want users to be able to specify a full file url to download
any files.
IE: I don't want them to be able to enter as the url:

I only want them to have access to the files, if they follow a link
from files.php.
This is located at:

In files.php, the links are coded as /Downloads/

Anyway to do this ??

Many Thanks

Re: Restrict File Access using .htaccess ? wrote:

Quoted text here. Click to load it

The short answer is "no".

The slightly longer answer is "You could check the referer header, but is
optional and not uncommonly munged"

You could also look at keeping the files outside the webroot, and having a
PHP script serve them up if passed a time sensitive token you generate on
the index.

David Dorward       < <
                     Home is where the ~/.bashrc is

Re: Restrict File Access using .htaccess ?

David Dorward wrote:

Quoted text here. Click to load it

Thanks.. Any examples of how to do this ??
I'm new at this !!

Re: Restrict File Access using .htaccess ? wrote:
Quoted text here. Click to load it

1) Read in the data of the .ZIP file (I'm not sure if
file_get_contents() would be appropriate, as it returns a string, but
that's the first thing I'd try)
2) Set the content-type to whatever the ZIP mimetype is
3) Output the data you grabbed from your ZIP file

I've never done this personally, but I've done something similar with
images before. Read in data-set content type-send out data

Re: Restrict File Access using .htaccess ?

Really there's no way of doing exactly what you want, but you could use a
php download script to manage them.  There's several out there. Some make
the downloader supply their email before they are able to download, some use
a captcha image, and others are password protected.  Just depends on how you
would like to do it.  Try the file download script section over at the php
resourceindex at /
Quoted text here. Click to load it

Site Timeline