hi ,
I need to write a php script to let users to upload files. The uploaded files can be public/private download.
For private download, i don't know how to prevent users to download the files directly from my web server. Below is my environment.
- Apache 2.0.x, PHP5.2.x, Mysql 5.1.x
- DocumentRoot: /www
e.g. if user1 uploaded a "abc.txt" to /www/user1/abc.txt, that is the URL: http://domain1.com/user1/abc.txt. How to prevent unauthorized direct access to this link?
I googled and find someone suggests to using "X-SENDFILE" header with Apache mod_xsendfile module. But i can't find detailed description about it. or any other better method?
Thanks,
Felix Chu
How to protect private file
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: How to protect private file
You can password protect a sub-directory with Apache using HTTP authentication. Your hosing control panel (if you have one) will probably have a way to do that.
(#10850)