Jump to content

How do I prevent direct file linking?

xenoalien

By xenoalien
in PHP Coding Help

 Share

Recommended Posts

Silverado_NL Newbie

Silverado_NL

Posted
Posted

an option would be to have the files outside of your www root so u cannot access it directly, but only through a script that is accessible from the outside,which in turn outputs the file u need.

this script could look at the machine accessing the script and denying the file if it is anyone else but your own server.

 

 

maybe but not sure another option might be to restrict access with apache's mod_rewrite.

although im not sure how to do this.

Link to comment
Share on other sites
xenoalien Newbie

xenoalien

Posted
  • Author
Posted

HTTP_REFERER is easily faked and testing it does not stop hotlinking.

 

Could you show me what to write in the .htaccess file? Or how to prevent direct linking? At the moment the directory to the main index.php file does not contain a .htaccess file. However I did put an index.php file in the folder where all the files will be uploaded: http://www.storeupon.com/uploaded to prevent people from seeing all of the files as easily...

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

A) Either place the files in a folder that is outside of your document root folder, like Silverado_NL posted, or

B) If that option is not available and you must use a "public" folder inside of your document root folder, place a .htaccess file in the folder with the following -

 

    Order Deny,Allow
    Deny from all

 

Putting a default document in the folder or rewriting the url will prevent someone from seeing the files but it won't prevent someone from linking to them if they find or guess the file names.

 

Link to comment
Share on other sites
xenoalien Newbie

xenoalien

Posted
  • Author
Posted

A) Either place the files in a folder that is outside of your document root folder, like Silverado_NL posted, or

B) If that option is not available and you must use a "public" folder inside of your document root folder, place a .htaccess file in the folder with the following -

 

    Order Deny,Allow
    Deny from all

 

Putting a default document in the folder or rewriting the url will prevent someone from seeing the files but it won't prevent someone from linking to them if they find or guess the file names.

 

One last issue. I am trying to make the .htaccess file with a text editor but windows will not allow me to make a file without a file name am I doing this incorrectly? I understand that I need to put the code in the file.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.