.htaccess and PHP...

Quevas

I've some directories protected with .htaccess files (to avoid entries by writing the complete URL) and in my page there're links to download files contained in these directories .

My problem is:
When users click on links to download files Apache ask them username and password (because of .htaccess files).

My question is:
Could I avoid Apache's request passing password and username by code?

PHPdev

You could pass it on the url... but I dont think you want to do that... I personally dont know how you could pass it via code....

PHPdev

tjward

Why not change your htaccess file from username/password to referrer based? then only accept referrers from your own domain.

that way no outside links to your files would work.

ipruthi

Type this on your .htaccess file:

Option -indexes

Ilir.

Quevas

Thanks to all for helps. 🙂

tjward, could you explain with an example your idea please?

tjward

hi there
put this "referrer based" .htaccess file in the protected directory.
then the protected directory can only be accessed from another page in your domain.
if there are other domains that you want to allow to link to your protected directory, add them on the next line.. add as many allowed domains as you want.

if someone tries to access your private directory who is not allowed, they will be directed to the page you list in the last line.

name the file .htaccess
ftp it in ascii only.
permissions -rw-r--r--

works pretty good.. I have used these for years.
a good tutorial is at;
http://www.webmastersguide.com/htaccess-cgi/htaccess.htm

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^{[url]http:///urlyourdomain.com/} [NC]
RewriteCond %{HTTP_REFERER} !^{[url]http:///url}another_allowed_domain.com/ [NC]

RewriteRule /* http://www.yourdomain.com/warning_page.html [R,L]

Quevas

Perfect!

Thanks 🙂