Jump to content

Recommended Posts

I am not sure how to phrase the question right and I think it has been answered before... How do I prevent other sites from directly linking to files but they still show up on my website? I want people to be able to download some of my files on my website but not be able to link from another website to download files. Thanks in advance

No. Like already stated HTTP_REFERER is easily faked and won't stop hotlinking.

 

For example, the popular phpproxy script deliberately sets HTTP_REFERER to be the same as the domain being requested so if you were using HTTP_REFERER and someone linked to a file on your site through a phpproxy site, they would look like they came from your site.

 

Edit: Basically you cannot trust any data that comes from the browser. So, you must use a piece of data that is only kept on your server. The best way is to use a session variable that is set at the point someone is allowed to do something and it is checked in the code that displays or downloads the file. This same method would also tie in with a user login in system to control who can see and download which files.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.