Using .htaccess to prevent direct file downloads

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


I have setup a file download system and it resides in a folder that uses
.htaccess authentication. The system logs all file downloads, but if a
user enters a direct link to the file, he/she can authenticate and
completely bypass the file download system, thus bypassing the logging.
How can I use .htaccess directives to prevent files from being downloaded
unless they are using the download system?

Is this even possible?

Thank you in advance,

Re: Using .htaccess to prevent direct file downloads

Quoted text here. Click to load it

I'd make the directory not readable, not even for authenticated users  
(maybe even place the directory outside the document root).

Now redirect all your users to a server side script that does the  
authenticating, and passes the files through.
Rik Wasmus

Site Timeline