
Hi,

 

I want to restrict access to a specific folder if someone copies and pastes a download file link or folder into the browser. For that I have modified my htaccess file and added the following lines of code to it

 

RewriteEngine On

RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC]

RewriteRule ^(.*)$ /download-pdf.php?filename=$1 [L]

 

Besides this, I have placed plenty of code found on Google to make it accessible when accessed from my domainsite.com

 


 


 

and searched almost every site. But restricting access to my files will not allow me to access it through my site also.

 

The only solution I came across is to force download the restricted file if accessed through my site. For that I have made a forcedownload.php file and am reading the contents of the file in that. But the problem is how to add a condition in htaccess to go to the download page if accessed through my site. Any help??

https://forums.phpfreaks.com/topic/283380-how-to-force-download-file/

 

The only solution I came across is to force download the restricted file if accessed through my site. For that I have made a forcedownload.php file and am reading the contents of the file in that. But the problem is how to add a condition in htaccess to go to the download page if accessed through my site. Any help??

 

 

I'm not really understanding you. What do you mean by "to go to download page if accessed through your site"? Are you saying if the user types in the URL that points directly to the file you want them to be redirected to the PHP page that does the download? If so, there's a much easier solution. Move the file outside of the public folders. Then the only way people can get the file is through the download script - there won't even be a URL to access the file at all.

I want that if a file is accessed by directly copying and pasting the URL in the browser, its access should be restricted, and that is actually happening by adding the above lines in htaccess. But these lines are not allowing me to access the files even if I access them going through my website. I want the files to be accessible if I reach those files through my site. For this I have googled a lot but none of the code worked

"How" are you referencing the file in the download script - i.e. the path? Are you referencing the file using an http:// path or via the file system? If you are using a relative path via the file system, I can't think of why the htaccess file would have any reason to stop your script from reading the file. You should definitely not be referencing the file via http.

 

But, as I stated above, you don't need to do any of this. Simply put the file in a folder that is not publicly accessible - i.e. outside of the root of your website. Then, there isn't any URL path that could ever point directly to the file and the only way to get the file would be through your download script. No entries in the htaccess file would be needed at all.

 

So, if your website is in a folder with the name htdocs, put the downloads in a folder that is at the same level or above that folder. E.g.:

 

 |
 | - htdocs
 |   | - about
 |   | - contact
 |   | - home
 |   | -  . . . etc.
 |
 | - Downloads //Not publicly accessible

I do not have any single which I am referencing. I have multiple files inside the subdirectory download_files and they are referred to from multiple places in the site. I want to restrict all of these files so I have applied the above code in htaccess. Now, I am unable to understand where to put the download.php and how to pass the file name to it so that if someone accesses it through the website he should have access to it. Please explain the flow to me

preg_match("/[^\/]+$/", $_SERVER['HTTP_REFERER'], $matches); //get the filename after last slash
$file_name= $matches[0];
header("Content-disposition: attachment; filename=".$file_name);
header('Content-Type: application/octet-stream');
readfile($file_name".pdf");

Well, that's not really your code is it? Pretty sure that last line would cause a syntax error.

 

It's typically not a good idea to pass the file name as a parameter since you will have to deal with spaces and other disallowed characters. But, using that same code, you can simply put the files in a folder that is not publicly accessible as I stated before. Not knowing what folder that script is located in I can't say for sure what the relative path would be. But, for argument's sake, let's say the folder 'download_files' is up two levels from where the script download.php is located. In that case just change the last line to this

 

 

readfile("../../download_files/{$file_name}.pdf");

I have resolved the file download issue. The finalized code in htaccess is:

 

RewriteEngine On
# you can add whatever extensions you want routed to your php script
RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC]
RewriteRule ^(.*)$ download.php?filename=$1 [L]
 
But it is causing the same problem again, as if someone accesses the file without going through the site it will open it. Any idea on how to prevent direct access to files :confused:

I've already told you - move the files outside the web accessible folders. Then no one can access the files directly through a URL and the only way to get the files is through the download script.

 

What part of my response on Reply #8 was not clear?

 

1. Move the files to a folder that is not accessible through the web. You should have a root folder for your website. The folder for the files should be on the same level or above that folder. If this is on a shared host and you created your site in the root of the folder your host provided, then you need to put your site in a subfolder and configure the domain to point to that subfolder. Then the root folder your host provided is no longer web accessible.

 

2. Change the readfile() function to read the files in the new folder location.

 

NO REWRITE/HTACCESS CONFIGURATIONS ARE NEEDED.

Edited by Psycho
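
The flow recommended in the replies above (files kept in a folder outside the web root and served only by a download script), as an added example that is not part of the original thread. It assumes a `Downloads` folder beside the web root as in the directory sketch, the `filename` query parameter from the rewrite rule, and the three extensions the thread lists; the function name `resolve_download` is hypothetical.

```php
<?php
// download.php - added example, not code from the thread.
// Assumption: the files live in "Downloads" beside the web root,
// so no URL maps to them and this script is the only way to reach them.
declare(strict_types=1);

const DOWNLOAD_DIR = __DIR__ . '/../Downloads';  // assumed location
const ALLOWED_EXT  = ['doc', 'zip', 'pdf'];      // extensions named in the thread

/**
 * Map a user-supplied name to a real file inside $baseDir,
 * or return null when the request must be refused.
 */
function resolve_download(string $requested, string $baseDir): ?string
{
    // Drop any directory part: "../../etc/passwd" becomes "passwd".
    $name = basename(str_replace('\\', '/', $requested));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($name === '' || !in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);  // false if missing; follows symlinks
    // Containment check: the resolved path must still sit under the base folder.
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Reject array-style input such as ?filename[]=x before resolving.
$requested = $_GET['filename'] ?? '';
$path = is_string($requested) ? resolve_download($requested, DOWNLOAD_DIR) : null;
if ($path === null) {
    http_response_code(404);
    exit('File not found');
}

// Only safe characters go into the header, so the name cannot inject
// quotes or line breaks into Content-Disposition.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Links on the site then point at the script, for example `download.php?filename=report.pdf` (a constructed file name), and no rewrite rule is involved.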