Block files

Tsukiyomi · May 29, 2008

I'm trying to block access to files unless they go through a php file that forces the download. So I tried setting the .htaccess file like this

Order deny,allow

Deny from all

</Files>

And It doesn't seem to be stopping me from typing in the address in my address bar and downloading the file. Am I doing something wrong?

rhodesa · May 29, 2008

1) in your web folder, create a folder called downloads

2) in the downloads folder, make an .htaccess file with this line:

deny from all

3) in your web folder, create a file called download.php, which get's the filename via a GET argument

help?

Tsukiyomi · May 29, 2008

I have a download.php file thats doing that. In my .htaccess file do I only have the words "deny from all" in all lowercase letters?

rhodesa · May 29, 2008

yup...you also have to make sure that Apache allows .htaccess override though

Tsukiyomi · May 29, 2008

Ok thank you, I'll check to make sure of that.

Oh, by the way MacGyver rocks.

scrupul0us · May 30, 2008

might also want to use the limit directive on the directory to only allow GET access as an added level of security

Recommended Posts