can't get my htaccess to work the way i want! - restricted access.

[spiderwell]

Hi all

 

I am really gonig mad trying this out, I have a folder which file uploads are in, and only want them to be downloadable via access from one php file, which also resides in the same folder. its a basic php forcedownload script. I dnot want the files to be able to be accessed by typing them into the browser (i have already hidden the file names, and added checks for logged users).

My efforts have seem to be all or nothing, i.e cant access anything in the folder or you can anything.

 

i had this in the top of the htaccess:

# disable directory browsing

Options All -Indexes

 

which wouldnt let me access the php script that downloads the files (the php download script is called by updating the src of an iframe via ajax, I am using an iframe hidden to trigger the force download)

 

if i delete the htacess it works fine but then no security.

 

I tried adding this to the htaccess and it didnt work either:

 

 

AuthUserFile /dev/null

AuthGroupFile /dev/null

 

RewriteEngine On

 

RewriteCond %{HTTP_REFERER} !^http://www.ethickink.co.uk/geoline/.* [NC]

RewriteCond %{HTTP_REFERER} !^http://ethickink.co.uk/geoline/.* [NC]

 

RewriteRule /* http://www.ethickink.co.uk/geoline/pages/index.html [R,L]

 

 

I really am not understanding htaccess very well  :'(

 

any help would be much appreciated

[requinix]

Options -Indexes will only disable directory browsing and Auth*File also requires other directives to work.

 

The easiest way with Apache is

Order allow,deny

(in the .htaccess in the folder) but that disables access to everything. Of course you could just move the download script somewhere else and keep the directory dedicated to file storage.

 

You can allow access to specific files though.

Order allow,deny

    Order deny,allow

or a wildcard

or something else.

[spiderwell]

thanks for the reply, i will have a play when i get home later and let you know how i got on!