Re: direct link prevention on apache
From: Chung Leong (chernyshevsky_at_hotmail.com)
Date: 12/06/03
- Next message: Charlie-Boo: "Re: Parsing Web Sites"
- Previous message: Phil Roberts: "Re: "Storage Module" Initialization Problem"
- In reply to: Jan Bols: "direct link prevention on apache"
- Next in thread: R. Rajesh Jeba Anbiah: "Re: direct link prevention on apache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 5 Dec 2003 19:17:10 -0500
Tough nut to crack. All I can think of is to dynamically adds the client's
IP address to a .htaccess file, then redirect the browser to the URL
pointing to the file. The IP address should be saved to a session variable
so that you can remove it from .htaccess when the session expires.
Uzytkownik "Jan Bols" <jan@ivpv.ugent.be> napisal w wiadomosci
news:bqq7oe$9hp$1@gaudi2.UGent.be...
> I'm using PHP 4.3 and APACHE2.0. I have a website that requires people
> to log in before they can download files from my website. A person is
> logged in if there is a session-variable $logged_in set to TRUE.
>
> How can I prevent people from downloading a file (f.e. myfile.doc)
> without being logged in when they know the direct link to the file
> (http://www.mysite.com/somedir/myfile.doc)?
>
> Putting the file in an obscure place by working with random numbers
> (http://www.mysite.com/13ds5fd1g/myfile.doc) is not a solution for me.
>
> The other solution of using a scriptfile like download.php as a gateway
> to serve the file and restricting all other access to the directory with
> a .htaccess file is also not an option, because this doesn't work
> perfectly in older brwosers that don't handle the headers(Content...)
> correctly.
>
> I would like Apache to handle this. If one requests a file in a certain
> directory, I want apache to check if the user is logged in or not by
> calling a file like download.php. If he is logged in than the requested
> file is served by apache (not by the download.php file acting as a
> gateway). I was thinking to use mod_rewrite, but I don't think this
> works because it will keep on rewriting the url to go to the
> download.php file. Even if I'm coming from that place. Also using
> HTTP_REFERER is not a good idea because a lot of firewalls prevent this
> information.
>
> Is this simply impossible? Can I use mod_rewrite for this and how? Are
> there other possibilities?
>
> Thanks
> Jan Bols
>
- Next message: Charlie-Boo: "Re: Parsing Web Sites"
- Previous message: Phil Roberts: "Re: "Storage Module" Initialization Problem"
- In reply to: Jan Bols: "direct link prevention on apache"
- Next in thread: R. Rajesh Jeba Anbiah: "Re: direct link prevention on apache"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
