xenoalien Posted March 27, 2009 Share Posted March 27, 2009 I am not sure how to phrase the question right and I think it has been answered before... How do I prevent other sites from directly linking to files but they still show up on my website? I want people to be able to download some of my files on my website but not be able to link from another website to download files. Thanks in advance Quote Link to comment https://forums.phpfreaks.com/topic/151424-prevent-linking-unless-previous-address-was-from-local-host-htaccess/ Share on other sites More sharing options...
xenoalien Posted March 27, 2009 Author Share Posted March 27, 2009 would this gen be bad to use? http://www.htaccesstools.com/hotlink-protection/ Quote Link to comment https://forums.phpfreaks.com/topic/151424-prevent-linking-unless-previous-address-was-from-local-host-htaccess/#findComment-795386 Share on other sites More sharing options...
PFMaBiSmAd Posted March 27, 2009 Share Posted March 27, 2009 No. Like already stated HTTP_REFERER is easily faked and won't stop hotlinking. For example, the popular phpproxy script deliberately sets HTTP_REFERER to be the same as the domain being requested so if you were using HTTP_REFERER and someone linked to a file on your site through a phpproxy site, they would look like they came from your site. Edit: Basically you cannot trust any data that comes from the browser. So, you must use a piece of data that is only kept on your server. The best way is to use a session variable that is set at the point someone is allowed to do something and it is checked in the code that displays or downloads the file. This same method would also tie in with a user login in system to control who can see and download which files. Quote Link to comment https://forums.phpfreaks.com/topic/151424-prevent-linking-unless-previous-address-was-from-local-host-htaccess/#findComment-795392 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.