Rescricting Downloads

Anon

I am trying to make a download page, where a user which is browsing my site can go to and download a file. But, I do not want it to be possible for a remote site to just put a link to my file. How would I be able to restrict this, would I use cookies or somthing of the type?

Thanks in advance.

joshua

Can anyone help?

[deleted]

A simple way is to check for the $HTTP_REFERER.
This will contain the URL of the page that linked to the current URL.

You can make a simple script that will 'passthru' the file for the user to download.
That script can simply check the $HTTP_REFERER, and if the 'referring' address is not on your website, you refuse the download.
That way the only way to download the file is to first visit your webpage that has the link to the file on it.

Ofcourse the real hackers will not have a big problem to spoof the referer, but the average user will not go to such lengths just to save one click.

joshua

Hey, thanks vincent, I will see if that works ok. I am not worried about people trying to hack my site, they are free downloads, I just dont want the people linking the d/l from a different site. No leaching.

I will post if it works or not.

joshua

hey thanks, it looks like this will do the trick.