Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Dan Cumpian
January 27, 2007, 8:14 pm
rate this thread
I have setup a file download system and it resides in a folder that uses
.htaccess authentication. The system logs all file downloads, but if a
user enters a direct link to the file, he/she can authenticate and
completely bypass the file download system, thus bypassing the logging.
How can I use .htaccess directives to prevent files from being downloaded
unless they are using the download system?
Is this even possible?
Thank you in advance,
Re: Using .htaccess to prevent direct file downloads
I'd make the directory not readable, not even for authenticated users
(maybe even place the directory outside the document root).
Now redirect all your users to a server side script that does the
authenticating, and passes the files through.