RyanMinor Posted November 28, 2011 Share Posted November 28, 2011 I have a folder that I want to protect from hotlinking (downloading of the files directly from the URL). The location of this folder is at www.mysite.com/downloads/files/. In that folder I have to zipped folders called basic.zip and premium.zip. How do I prevent people from downloading the files by typing www.mysite.com/downloads/files/basic.zip? Below is my current .htaccess file that is placed inside of mysite.com/downloads/files. RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC] RewriteRule .*\.(zip)$ - [F] What am I doing wrong? Quote Link to comment Share on other sites More sharing options...
requinix Posted November 28, 2011 Share Posted November 28, 2011 It seems fine... Maybe I'm just missing something. Try with a Rule that stops rewriting if the referrer is good, and a second to handle anything else (which must necessarily be bad). RewriteEngine on # allow if any of: RewriteCond %{HTTP_REFERER} ^http://(www.)?example.com RewriteRule \.zip$ - [L] # deny from the rest RewriteRule \.zip$ - [F] Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted November 28, 2011 Share Posted November 28, 2011 Keep this file OUTSIDE of the webroot, and use a PHP script to check permissions, read the file, and dump it to the user with proper headers. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.