How to protect private file

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dogdog9
Forum Newbie
Posts: 2
Joined: Fri Feb 08, 2008 10:13 pm

How to protect private file

Post by dogdog9 »

hi ,

I need to write a php script to let users to upload files. The uploaded files can be public/private download.

For private download, i don't know how to prevent users to download the files directly from my web server. Below is my environment.

- Apache 2.0.x, PHP5.2.x, Mysql 5.1.x
- DocumentRoot: /www

e.g. if user1 uploaded a "abc.txt" to /www/user1/abc.txt, that is the URL: http://domain1.com/user1/abc.txt. How to prevent unauthorized direct access to this link?

I googled and find someone suggests to using "X-SENDFILE" header with Apache mod_xsendfile module. But i can't find detailed description about it. or any other better method?

Thanks,
Felix Chu
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: How to protect private file

Post by Christopher »

You can password protect a sub-directory with Apache using HTTP authentication. Your hosing control panel (if you have one) will probably have a way to do that.
(#10850)
Post Reply