dogdog9 Posted February 9, 2008 Share Posted February 9, 2008 hi , I need to write a php script to let users to upload files. The uploaded files can be public/private download. For private download, i don't know how to prevent users to download the files directly from my web server. Below is my environment. - Apache 2.0.x, PHP5.2.x, Mysql 5.1.x - DocumentRoot: /www e.g. if user1 uploaded a "abc.txt" to /www/user1/abc.txt, that is the URL: http://domain1.com/user1/abc.txt. How to prevent unauthorized direct access to this link? I googled and find someone suggests to using "X-SENDFILE" header with Apache mod_xsendfile module. But i can't find detailed description about it. or any other better method? Thanks, Felix Chu Link to comment https://forums.phpfreaks.com/topic/90172-how-to-protect-private-file/ Share on other sites More sharing options...
trq Posted February 9, 2008 Share Posted February 9, 2008 You can either store your files outside of the web directory so they are not publicly accessible, or use mod_auth to lock down a particular directory within your web root. Link to comment https://forums.phpfreaks.com/topic/90172-how-to-protect-private-file/#findComment-462435 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.