.htaccess question

neil

I have a member-only based system which has a directory that contains numerous sub- directories to random filetypes (pdf, txt, jpg etc). My question is how can I prevent people (including members) from typing in the link location at the URL bar and viewing it that way? Ideally I only want them to use the system to access these files.

Thanks.

devinemke

you could store files outside of the document root ans serve them up via the [man]header[/man] fucntion.

neil

Originally posted by devinemke
you could store files outside of the document root ans serve them up via the [man]header[/man] fucntion.

I'll be using headers to force download files, although I don't think this is the same as manually typing the location of the file in the address bar. As this will access the file.

For example, servers restrict the images directory to a 403... I was just wondering if .htaccess can do anything similar with files, prevent the files being accessed by everyone apart from the system.

..and they are out of the document root - i.e.:

[b]root/[/b]
[b]-	files/[/b] (no files just folders)
[b]-		movies/[/b]
		-blah.mpg
		-asdf.wmv
[b]-		docs/[/b]
		-cv.doc
		-hello.txt

devinemke

i don't think you understood me. my suggestion was to store your files entirely outside of the server's public directory (htdocs) thereby making it impossible for them to be accessed directly from the outside world. the outline of your directory structure you posted above suggests that you are storing the files within the document root.

technoboy

Below is the code you need.
...................................................
RewriteEngine on
RewriteCond %{HTTP_REFERER} !.../calproj/.
RewriteCond %{HTTP_REFERER} !.../access/.
RewriteCond %{HTTP_REFERER} !.../calendar/.
RewriteRule .* ../calendar/denyaccess.php
..................................................

Lines 2, 3, 4 are all the same thing. Put in there the directories which contain files which you WANT to be allowed access. Include the directory in which the .htaccess file is situated.

The RewriteRule is simply a notice to all the naughty people who try to access files directly.

You should place one page outside the programs directory with no protection - simply a html file to input the username and password.

One problem you will get is from people who have got their browsers caching. This includes those who have got MSIE 6 set to auto. They must set their browsers to access the Net directly.

'Doctored' browsers such as those from AOL can also be troublesome. Get AOL users to install a virgin browser if possible - firefox is a better browser anyway - you can add lots of bells and whisles (extensions)