Tsukiyomi Posted May 29, 2008 Share Posted May 29, 2008 I'm trying to block access to files unless they go through a php file that forces the download. So I tried setting the .htaccess file like this <Files *> Order deny,allow Deny from all </Files> And It doesn't seem to be stopping me from typing in the address in my address bar and downloading the file. Am I doing something wrong? Quote Link to comment Share on other sites More sharing options...
rhodesa Posted May 29, 2008 Share Posted May 29, 2008 1) in your web folder, create a folder called downloads 2) in the downloads folder, make an .htaccess file with this line: deny from all 3) in your web folder, create a file called download.php, which get's the filename via a GET argument help? Quote Link to comment Share on other sites More sharing options...
Tsukiyomi Posted May 29, 2008 Author Share Posted May 29, 2008 I have a download.php file thats doing that. In my .htaccess file do I only have the words "deny from all" in all lowercase letters? Quote Link to comment Share on other sites More sharing options...
rhodesa Posted May 29, 2008 Share Posted May 29, 2008 yup...you also have to make sure that Apache allows .htaccess override though Quote Link to comment Share on other sites More sharing options...
Tsukiyomi Posted May 29, 2008 Author Share Posted May 29, 2008 Ok thank you, I'll check to make sure of that. Oh, by the way MacGyver rocks. Quote Link to comment Share on other sites More sharing options...
scrupul0us Posted May 30, 2008 Share Posted May 30, 2008 might also want to use the limit directive on the directory to only allow GET access as an added level of security Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.