/    Sign up×
Community /Pin to ProfileBookmark

Restrict file downloading in a certain folder

Copy linkTweet thisAlerts:
Nov 18.2006

Hey,
I want to restrict file downloading from various folders on my server,
i want to configure my server to return a “restricted” error.
I thought of copying a custom .htaccess file to each folder, but then
there will be users that manage to overwrite it.

So i thought about using the “master” .htaccess file located in my FTP account’s root, in the following manner:

<Directory /users/*.exe>
</Directory>

<Directory /users/*.rar>
</Directory>

<Directory /users/*.zip>
</Directory>

<Directory /users/*.tar>
</Directory>

and just restrict other archive formats by checking MIME-type.

And additionally, use a hot-link protection script.

Now, here comes the real issue:
I want to allow any user to download any file, provided he visited my page, and was referred to the file with a header i created.

I thought of moving each file to a temp folder on request, and then erasing it’s contains each 24 hours, but that would be to complicated and resource-consuming.

Thanks to all helpers!!

to post a comment
PHP

9 Comments(s)

Copy linkTweet thisAlerts:
@HellgYauthorNov 18.2006 — Any ideas anyone?
Copy linkTweet thisAlerts:
@yitzleNov 19.2006 — I [i]think[/i] there is a way to check how someone got directed to a file, so you can write a download script that will only transfer the file assuming the user got the link by clinking the link on your page, but I don't know for sure and don't have any details.

Try Googling for... I don't know what its called.

Redirectors are made to hide how someone got to a file, so what you want is the reverse or redirectors sort of.

Try Wiki on redirectors of Google and see if that gives you any leads.
Copy linkTweet thisAlerts:
@sb_Nov 19.2006 — $_server['http_referer']
Copy linkTweet thisAlerts:
@yitzleNov 19.2006 — @sb_: Sounds right. ? Thanks.

@HellhY: So see what that value is when you access the file via your main page and then only transfer the file using a download script when it matches ?

Should work...
Copy linkTweet thisAlerts:
@HellgYauthorNov 19.2006 — Actually, what I'm looking for is an .htaccess directive that will restrict a file, in case

a user type the complete URL of the file, and tries to download it.

Each of my users will be granted an FTP account, with an access to a certain directory,

of course, i can make the directory tree very complicated, so the user would have to use my page to redirect him to the path into his folder, but there are ways around that.

But there are no ways around most of the .htaccess directives.

Also I'm looking for a way to restrict downloading from FTP.

I forgot to mention that i have a root access.

Thanks for trying to help guys
Copy linkTweet thisAlerts:
@yitzleNov 19.2006 — If the user types in the URL, then the referer won't match.

If you make a download script that checks the referer then transfers the file and if the file does not have read access set, then the only way (not counting FTP) to the file will be through the script and that will require that the user clicks the link and not type in the URL
Copy linkTweet thisAlerts:
@HellgYauthorNov 20.2006 — If the user types in the URL, then the referer won't match.

If you make a download script that checks the referer then transfers the file and if the file does not have read access set, then the only way (not counting FTP) to the file will be through the script and that will require that the user clicks the link and not type in the URL[/QUOTE]
How exactly can i check the referrer from a file(a file meant for download)?.

Exactly, you can't.

And since each user is granted an ftp account, they know exactly were their files are stored.

My only option is to create a custom htaccess file that will restrict downloading.
Copy linkTweet thisAlerts:
@carlhNov 20.2006 — how are you managing the ftp accounts? Is it something you created or using another software package?
Copy linkTweet thisAlerts:
@bokehNov 20.2006 — How exactly can i check the referrer from a file(a file meant for download)?.

Exactly, you can't.[/QUOTE]Of course you can! Just use a servelet.
×

Success!

Help @HellgY spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.20,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...