Jump to content

How do I prevent direct file linking?

xenoalien

By xenoalien
in PHP Coding Help

Recommended Posts

Silverado_NL Newbie

Silverado_NL

Posted
Posted

an option would be to have the files outside of your www root so u cannot access it directly, but only through a script that is accessible from the outside,which in turn outputs the file u need.

this script could look at the machine accessing the script and denying the file if it is anyone else but your own server.

 

 

maybe but not sure another option might be to restrict access with apache's mod_rewrite.

although im not sure how to do this.

xenoalien Newbie

xenoalien

Posted
  • Author
Posted

HTTP_REFERER is easily faked and testing it does not stop hotlinking.

 

Could you show me what to write in the .htaccess file? Or how to prevent direct linking? At the moment the directory to the main index.php file does not contain a .htaccess file. However I did put an index.php file in the folder where all the files will be uploaded: http://www.storeupon.com/uploaded to prevent people from seeing all of the files as easily...

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

A) Either place the files in a folder that is outside of your document root folder, like Silverado_NL posted, or

B) If that option is not available and you must use a "public" folder inside of your document root folder, place a .htaccess file in the folder with the following -

 

    Order Deny,Allow
    Deny from all

 

Putting a default document in the folder or rewriting the url will prevent someone from seeing the files but it won't prevent someone from linking to them if they find or guess the file names.

 

xenoalien Newbie

xenoalien

Posted
  • Author
Posted

A) Either place the files in a folder that is outside of your document root folder, like Silverado_NL posted, or

B) If that option is not available and you must use a "public" folder inside of your document root folder, place a .htaccess file in the folder with the following -

 

    Order Deny,Allow
    Deny from all

 

Putting a default document in the folder or rewriting the url will prevent someone from seeing the files but it won't prevent someone from linking to them if they find or guess the file names.

 

One last issue. I am trying to make the .htaccess file with a text editor but windows will not allow me to make a file without a file name am I doing this incorrectly? I understand that I need to put the code in the file.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.