Block user from accessing folder from outside my website

Posted: Thu Apr 15, 2004 12:36 am
by Chris Corbyn
Hi,

I didn't really know where to search or what to search for on this one but how can I prevent people linking to my files from other sites or just keying the URL to the file straight in the address bar?

Some sites force a redirect to an error page if you try to download a file from outside their website (even if the URL isn't "somesite.com/processfile.php?download=somefile" and it's just "somesite.com/somefile.ext"). This is what I'm aiming to achieve. I already have forms to go through to hide the URLs for the files when they are downloaded from my site but I also wanted to add this extra security feature.

Is it a code-based feature or an FTP-based feature? I cannot edit any configuration files on the server since it is not my server (username.t35.com).

Thanks :-)

Posted: Thu Apr 15, 2004 3:15 am
by markl999
Maybe something like:

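Code:

<?php
// Allow the request only when the Referer header names this site.
$allowed = 0;
if (!empty($_SERVER['HTTP_REFERER'])) {
    $url = parse_url($_SERVER['HTTP_REFERER']);
    // parse_url() returns false or omits 'host' for a malformed Referer
    if (is_array($url) && isset($url['host']) && $url['host'] == 'yourdomainhere.com') {
        $allowed = 1;
    }
}
if ($allowed == 0) {
    die('You cannot access this file, go away!');
}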

Posted: Thu Apr 15, 2004 7:50 am
by Chris Corbyn
Where do I put this code?

I was hoping to stop people accessing e.g. "mysite.com/somefolder/somfile.mid" not "mysite.com/download.php?file=somfile" because even within my site you are asked to enter the number shown in the image to download and then download.php redirects to the file.

It would be practically impossible for anyone to do it from outside through download.php too since the number they are asked to enter is different every time. The only way they currently access my files from outside is by the most obvious way possible. Just to link to "mysite.com/somefolder/somfile.mid" and bypass download.php.

Maybe I didn't put across what I was trying to do very well. Sorry

Posted: Thu Apr 15, 2004 8:03 am
by magicrobotmonkey
You've got to do something with .htaccess I think - it won't do any good to put PHP anywhere, as the whole problem is people not going through a PHP page.

Posted: Thu Apr 15, 2004 8:06 am
by Chris Corbyn
Ok.

I see. Ermm. I once tried to create the file .htaccess because I am going to launch my ringtone website onto WAP soon but for some reason when I try to create .htaccess Windows says "You Must Enter A Filename".

The FTP software I'm using is called WebDrive and is a virtual drive mapper for Windows which makes a new network drive which connects to the FTP.

I wonder if it's just cos Windows won't allow these files on its system? Maybe I'll try WSFTP

Thanks

Posted: Thu Apr 15, 2004 9:07 am
by AnsonM
Read some .htaccess tutorials... there are some really good ones out there. Try google(ing) :)

You can put the script on your index.php..

I'm assuming you have includes in that file linking to each page?

Posted: Thu Apr 15, 2004 9:09 am
by AnsonM
d11wtq wrote: Ok.

I see. Ermm. I once tried to create the file .htaccess because I am going to launch my ringtone website onto WAP soon but for some reason when I try to create .htaccess Windows says "You Must Enter A Filename".

The FTP software I'm using is called WebDrive and is a virtual drive mapper for Windows which makes a new network drive which connects to the FTP.

I wonder if it's just cos Windows won't allow these files on its system? Maybe I'll try WSFTP

Thanks
Use Notepad, then go to file -> Save As

Save it as ".htaccess"

Make sure you have the "s or else it won't work!

---> Yes, you can edit it on ws_ftp :)

Posted: Thu Apr 15, 2004 9:13 am
by redmonkey
If you can use .htaccess files on your server (you will also require Apache's mod_rewrite engine to be on), try googling for apache+hotlinking, which should turn up plenty of tutorials and examples. These examples will use Apache's mod_rewrite engine to prevent direct access to the files from outside of your site.
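
The kind of rule those hotlinking tutorials describe, as an added example that is not part of the original post: an .htaccess file for the folder holding the .mid files. The hostname example.com is a placeholder, and it assumes the host has mod_rewrite loaded and permits rewrite rules in .htaccess.

```apache
# Added example: .htaccess placed in the folder that holds the downloads
# (the thread's "somefolder/"). example.com is a placeholder hostname.
RewriteEngine On

# Pass the request only when the Referer header names this site.
# There is deliberately no exemption for an empty Referer, so a URL typed
# straight into the address bar (which sends no Referer) is refused too.
# Trade-off: visitors whose browser or proxy strips the Referer are also refused.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

# Answer 403 Forbidden for .mid files; other files in the folder are unaffected.
RewriteRule \.mid$ - [F,NC]
```

The Referer header is supplied by the client, so this stops casual hotlinking and typed-in URLs but is not access control. If the files must be reachable only through download.php, have that script read and send the file itself instead of redirecting, and deny all direct requests to the folder.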

Posted: Thu Apr 15, 2004 9:28 am
by Chris Corbyn
Brilliant, thanks.

I'll take a look at that then :-)