Re: prevent the direct link with .httaccess file



BigZero wrote:
Hello ppl,

i have web site that runs on Apache server with php scripts.
i have sub director(folder) pdfs that contains pdf files and i want to
prevent those file from direct accessing.
so i write .htaccess file that to prvent accessing those file directly
for example i have xyz.pdf file
and if write the full address in browser i able to get this file ie
http://www.domain.com/pdfs/xyz.pdf
i want prevent this from user if any body enter this path then web
site must take them to login page.

here is my .httacces file that is not working for me[ here it's not
redirect the page but it should not allow user to read file but it's
not working for me the user can read the file by using the full
address of pdf file ]

# Protect all files
<Files ~ "*.pdf" >
Order deny,allow
Deny from all
</Files>

this .htaccess file in pdfs folder but it allow user to read the file.

All i m looking for is how to redirect the user to login page if he
enters the full address that is
http://www.domain.com/pdfs/xyz.pdf then allow him to read or
download the pdf file



Thanks
Vm

as Jerry as already pointed out its not really a php problem.
..
..
..
ok I'm gonna point you a direction..

you COULD use .htaccess .htpasswd

do google's of : .htaccess php password
and :.htaccess .htpasswd

you COULD use mysql authenticated .htaccess and have php administer the database. then users would use their user/pass when accessing protected folders.


You MAY be tempted , after reading about .htaccess authentication , to make one .htpassword and tell everyone to use

user:password@xxxxxxxxxxxxxxxx/pdf/somefile.pdf

but thats a BAD, LAZY way of doing it . your users could pass the auth details along to other people.

Go talk to someone in a apache forum/newsgroup for more info on ..htaccess authentication MAINLY mysql so you can tie in with a php interface. MOST users won't care if they have to retype their user pass for a "secure" section. if they complain just tell them that is for security.



Once you have done that come back when have PHP code that not working.
We will be happy to look at it and give you some pointers



regards
trookat


OK OK here is a spoon fed link http://corz.org/serv/tricks/htaccess.php
see what a couple mins with google can do? TAKE A GOOD LOOK near "get better protection.."
.



Relevant Pages

  • Re: moving website to a new server
    ... I moved all the files of my website to a new Apache server. ... It probably has to do the configuration of PHP. ... you have those in .htaccess files, then the usage of htaccess is ...
    (alt.php)
  • Re: moving website to a new server
    ... I moved all the files of my website to a new Apache server. ... To help you, we need to know about the PHP application you are using, if it's something you wrote your self, then it's code and directory structure that would be needed. ... The PHP config will not make you to get 404 error, so the problem may lay in your Apache configuration with RewriteRules, if you have those in .htaccess files, then the usage of htaccess is disabled. ...
    (alt.php)
  • Re: prevent the direct link with .httaccess file
    ... this .htaccess file in pdfs folder but it allow user to read the file. ... download the pdf file ... as Jerry as already pointed out its not really a php problem. ... Go talk to someone in a apache forum/newsgroup for more info on ...
    (comp.lang.php)
  • Re: prevent the direct link with .httaccess file
    ... so i write .htaccess file that to prvent accessing those file directly ... download the pdf file ... as Jerry as already pointed out its  not really a php problem. ... You MAY be tempted, after reading about .htaccess authentication, to ...
    (comp.lang.php)
  • Re: File with no link
    ... You do this in a .php file which as far as the user is concerned ... at the script I suggested. ... When User1 clicks on the link, it opens up ... So, if User1 knows about User2, he can see User2's pdf file. ...
    (comp.lang.php)