Preventing direct access to files from the browser

software development

#1

How do I prevent downloading of files from my server if someone enters the direct file url into the browser. I want to allow members to have access to the files while denying non members access to the files.

Thanks

Visit blisstronix.com[/b]>http://blisstronix.comto shop for your favorite electronics and great outdoor products. Great Products, Fast Friendly Service, Fast Shipping…


#2

You will need to protect them somehow (apache authentication, etc.), or an application to manage user access - there are many such scripts available on the web.

–rlparker


#3

This is my basic situation.

I have an old time radio site in which members can listen to shows on the website via an embeded windows media player though. those scripts dont work with the embeded player and I have tried mod_rewrites. The mod rewrite works as far as blocking anonymous surfers from accessing files directly via file url, but the embeded player does not work.

here is the script for the htaccess file:

Require images to be linked to or embedded from my site

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://([-a-z0-9]+.)?mysite.com [NC]
RewriteRule ^(.*).(mp3)$ /noaccess.php?$1.$2 [NC,L]

the player does not play the mp3 files.

any help would be much appreciated. thanks

Visit blisstronix.com[/b]>http://blisstronix.comto shop for your favorite electronics and great outdoor products. Great Products, Fast Friendly Service, Fast Shipping…


#4

I understand, and I gave you an answer that is correct. You can’t accomplish what you are trying to do with just html or re_write rules; you need some way of determining whether of not the visitor is a “member” to decide whether to allow them to access the files or not.

If you don’t fell like “homebrewing” such an application, you might consider using the DH provided “one-click” installation of Joomla! which has the capability of restricting access to content to registered members only “built in” as one of it’s core components.

And, as I said, there are many such applications/systems out there - you just have to look and find one that you are capable of understanding, installing, and operating on your site. It’s either that, or write the scripts yourself - there really is no properly secure “shortcut”.

While there are kludges you could implement to “hide the link” from “non-members”, without the programming I described, once the link is “shared” by a member (or otherwise released “into the wild”), you won’t be able to prevent “non-members” from browsing to it. :wink:

–rlparker