Re: Protect download files



JDS wrote:
> On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:
>
> > If I write in the location bar the url of a video, I can download
> > without problem because the application cannot test if the user is
> > already authenticated or not. I´ve read something about RedirectMatch
> > and it works well but now the users cannot see the videos.
>
> Do one of the following:
>
> 1) Use Basic Auth in the .htaccess file
> Example: http://httpd.apache.org/docs/1.3/howto/auth.html
>
> 2) Use Basic Auth within PHP
> http://us2.php.net/features.http-auth
>
> I recommend number (1). Of course, the trouble with that is that it is
> outside any application logic.
>
> You could try putting any .avi (or other protected files) outside the http
> virtual directory path and then create a PHP shell app that just gets and
> downloads the file for you. (I know you said you are trying something
> like this). To do this you will need to use
>
> header("Content-type: blah/blah");
>
> where blah/blah is the correct content type
>
> The important thing here is to put the .avi files (any protected files)
> OUTSIDE the http virtual directory path! So that one cannot just type in
> a URL and get the file.
>
>
> --
> JDS | jeffrey@xxxxxxxxxxxxxxx
> | http://www.newtnotes.com
> DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/


put a .htaccess in your video dir containing the line:

deny from all

this will prevent any browser access in that dir

now deliver the videos to your users with a php script that

1. checks the credentials and
2. if ok, delivers the video via the servers filesystem, using i.e.
readfile (which is not affected by .htaccess)

micha

.

Relevant Pages
Loading