Prohibiting direct file downloads

Andre Garzia andre at
Tue Oct 11 00:04:12 EDT 2011


There are many ways to do this. The easiest is with .htaccess. You can make
your .htaccess check for the HTTP_REFERRER and see if the download is coming
from your own site, if it is not, then, it can redirect somewhere.

Check out this:

With apache you can use something along the lines of:

RewriteEngine On
RewriteCond   %{HTTP_REFERER}  !^$
RewriteCond   %{HTTP_REFERER}  !^*$ [NC]
RewriteCond   %{HTTP_REFERER}  !^*$
RewriteRule   ^/MyImportantFiles/*$ /page-about-direct-links.html

On Tue, Oct 11, 2011 at 12:54 AM, J. Landman Gay
<jacque at>wrote:

> I'm not sure if this is OT or not. I want a web page to deliver a file when
> the user clicks on a download link, but I don't want the file delivered if
> the direct URL is entered into the browser location bar.
> I have a CGI that provides access to a download page for only those who are
> authorized to be there, and who can enter correct credentials. The hole in
> the system is that if they copy the download link from the protected page
> and give it out, the file can be downloaded by anyone who has that link.
> I found some info about htaccess files that seems to indicate there is a
> setting I can use to prevent that, but the examples I tried didn't work.
> Does anyone know a way to do this? I'm not adverse to writing another CGI
> if I have to, but it would be easier to let Apache handle it if possible.
> If not, has anyone delivered largish files via CGI (about 6 megs.) I've
> never tried it. Can a CGI script just do a "put" of the file? This is the
> old-style CGI engine, not the new irev server.
> --
> Jacqueline Landman Gay         |     jacque at
> HyperActive Software           |
> ______________________________**_________________
> use-livecode mailing list
> use-livecode at
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:

-- -- All We Do Is Code. -- minimalist url shortening service.

More information about the Use-livecode mailing list