Prohibiting direct file downloads

Andre Garzia andre at andregarzia.com
Tue Oct 11 00:04:12 EDT 2011


Jacque,

There are many ways to do this. The easiest is with .htaccess. You can make
your .htaccess check for the HTTP_REFERRER and see if the download is coming
from your own site, if it is not, then, it can redirect somewhere.

Check out this:


http://stackoverflow.com/questions/395034/how-to-prevent-deep-linking-to-files-on-my-website

With apache you can use something along the lines of:

RewriteEngine On
RewriteCond   %{HTTP_REFERER}  !^$
RewriteCond   %{HTTP_REFERER}  !^http://www.yourdomain.com/.*$ [NC]
RewriteCond   %{HTTP_REFERER}  !^http://yourdomain.com/.*$
  [NC]
RewriteRule   ^/MyImportantFiles/*$ /page-about-direct-links.html


On Tue, Oct 11, 2011 at 12:54 AM, J. Landman Gay
<jacque at hyperactivesw.com>wrote:

> I'm not sure if this is OT or not. I want a web page to deliver a file when
> the user clicks on a download link, but I don't want the file delivered if
> the direct URL is entered into the browser location bar.
>
> I have a CGI that provides access to a download page for only those who are
> authorized to be there, and who can enter correct credentials. The hole in
> the system is that if they copy the download link from the protected page
> and give it out, the file can be downloaded by anyone who has that link.
>
> I found some info about htaccess files that seems to indicate there is a
> setting I can use to prevent that, but the examples I tried didn't work.
>
> Does anyone know a way to do this? I'm not adverse to writing another CGI
> if I have to, but it would be easier to let Apache handle it if possible.
>
> If not, has anyone delivered largish files via CGI (about 6 megs.) I've
> never tried it. Can a CGI script just do a "put" of the file? This is the
> old-style CGI engine, not the new irev server.
>
> --
> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
> HyperActive Software           |     http://www.hyperactivesw.com
>
> ______________________________**_________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/**mailman/listinfo/use-livecode<http://lists.runrev.com/mailman/listinfo/use-livecode>
>



-- 
http://www.andregarzia.com -- All We Do Is Code.
http://fon.nu -- minimalist url shortening service.



More information about the Use-livecode mailing list