new_member Posted October 28, 2013 Share Posted October 28, 2013 Hi, I want to restrict access to specific folder if some one copies and paste download file link or folder in browser. For that i have modified my htaccess file and added following lines of codes in that RewriteEngine On RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC] RewriteRule ^(.*)$ /download-pdf.php?filename=$1 [L] Beside this i have placed plenty of codes searcher from google to make it accessible when accessed from my domainsite.com http://stackoverflow.com/questions/19626322/deny-directly-access-to-folder-but-allow-throw-script http://stackoverflow.com/questions/13658988/prevent-direct-access-to-images-using-the-browser-url and searched almost every site. But restricting access to my files will not allow me to access it through my site also. The only solution i came across is to force download the restricted file if accessed through my site. For that i have made forcedownload.php file and reading the contents of file in that. But the problem is that how to add condition in htaccess to go to download page if accessed through my site. Any help?? Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 28, 2013 Share Posted October 28, 2013 The only solution i came across is to force download the restricted file if accessed through my site. For that i have made forcedownload.php file and reading the contents of file in that. But the problem is that how to add condition in htaccess to go to download page if accessed through my site. Any help?? I'm not really understanding you. What do you mean " to go to download page if accessed through your site". Are you saying if the user types in the URL that points directly to the file you want them to be redirected to the PHP page that does the download? If so, there's a much easier solution. Move the file outside of the public folders. Then the only way people can get the file is through the download script - there won't even be a url to access the file at all. Quote Link to comment Share on other sites More sharing options...
new_member Posted October 28, 2013 Author Share Posted October 28, 2013 I want that if a file in accessed by directly copy paste the url in browser it should restrict its access and that is actually happening by adding the above lines in htaccess. But these lines are not allowing me to access the files even if i access them going through my website. I want the files to be accessible if i reach those files through my site. For this i have googled a lot but none of the code worked Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 28, 2013 Share Posted October 28, 2013 "How" are you referencing the file in the download script - i.e. the path? Are you referencing the file using an http:// path or via the file system. If you are using a relative path via the file system, I can't think of why the htaccess file would have any reason to stop your script from reading the file. You should definitely not be referencing the file via http. But, as I stated above, you don't need to do any of this. Simply put the file in a folder that is not publicly accessible - i.e. outside of the root of your website. Then, there isn't any URL path that could ever point directly to the file and the only way to get the file would be through your download script. No entries in the htaccess file would be needed at all. So, if your website is in a folder with the name htdocs, put the downloads in a folder that is at the same level or above that folder. E.g.: | | - htdocs | | - about | | - contact | | - home | | - . . . etc. | | - Downloads //Not publicly accesible Quote Link to comment Share on other sites More sharing options...
new_member Posted October 29, 2013 Author Share Posted October 29, 2013 I donot have any single which i am referencing. I have multiple files inside the subdirectory download_files and are reffered by multiple places in the site. I want to restrict all of these files so i have applied the above code in htaccess. Now, i am unable to understand where to put the download.php and how to pass the file name to that so that if someone accesses it through website he should have access to that. Please explain me the flow Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 29, 2013 Share Posted October 29, 2013 You never answer my question. Quote Link to comment Share on other sites More sharing options...
new_member Posted October 29, 2013 Author Share Posted October 29, 2013 preg_match("/[^\/]+$/", $_SERVER['HTTP_REFFERER'], $matches); //get the filename after last slash $file_name= $matches[0]; header("Content-disposition: attachment; filename=".$file_name); header('Content-Type: application/octet-stream'); readfile($file_name".pdf"); Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 29, 2013 Share Posted October 29, 2013 Well, that's not really your code is it? Pretty sure that last line would cause a syntax error. It's typically a not a good idea to pass the file name as a parameter since you will have to deal with spaces and other disallowed characters. But, using that same code, you can simply put the files in a folder that is not publicly accessible as I stated before. Not knowing what folder that script is located in I can't say for sure what the relative path would be. But, for arguments sake, let's say the folder 'download_files' that is up two levels from where the script download.php is located. In that case just change the last line to this readfile('../../{$file_name}.pdf"); Quote Link to comment Share on other sites More sharing options...
new_member Posted October 29, 2013 Author Share Posted October 29, 2013 I have resolve the file download issue. Finalized code in htaccess is: RewriteEngine On # you can add whatever extensions you want routed to your php script RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC] RewriteRule ^(.*)$ download.php?filename=$1 [L] But it is causing the same problem again as if someone access the file without going through site it will open it. Any idea on how to prevent direct access to files Quote Link to comment Share on other sites More sharing options...
trq Posted October 29, 2013 Share Posted October 29, 2013 Any idea on how to prevent direct access to files Move them somewhere they cannot be accessed. Quote Link to comment Share on other sites More sharing options...
new_member Posted October 29, 2013 Author Share Posted October 29, 2013 Sorry the modified code is RewriteRule \.(pdf)$ - [NC,F,L] RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC] RewriteRule ^(.*)$ download.php?filename=$1 [L] But still it is giving restricted access if i access it from my site also. Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 29, 2013 Share Posted October 29, 2013 (edited) I've already told you - move the files outside the web accesible folders. Then no one can access the files directly through a URL and the only way to get the files is through the download script. What part of my response on Reply #8 was not clear? 1. Move the files to a folder that is not accessible through the web. You should have a root folder for your website. The folder for the files should be on the same level or above that folder. If this is on a shared host and you created your site in the root of the folder your host provided, then you need to put your site in a subfolder and configure the domain to point to that subfolder. Then the root folder your host provided is no longer web accessible. 2. Change the readfile() function to read the files in the new folder location. NO REWRITE/HTACCESS CONFIGURATIONS ARE NEEDED. Edited October 29, 2013 by Psycho Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.