How to protect private file
Posted: Fri Feb 08, 2008 10:27 pm
hi ,
I need to write a php script to let users to upload files. The uploaded files can be public/private download.
For private download, i don't know how to prevent users to download the files directly from my web server. Below is my environment.
- Apache 2.0.x, PHP5.2.x, Mysql 5.1.x
- DocumentRoot: /www
e.g. if user1 uploaded a "abc.txt" to /www/user1/abc.txt, that is the URL: http://domain1.com/user1/abc.txt. How to prevent unauthorized direct access to this link?
I googled and find someone suggests to using "X-SENDFILE" header with Apache mod_xsendfile module. But i can't find detailed description about it. or any other better method?
Thanks,
Felix Chu
I need to write a php script to let users to upload files. The uploaded files can be public/private download.
For private download, i don't know how to prevent users to download the files directly from my web server. Below is my environment.
- Apache 2.0.x, PHP5.2.x, Mysql 5.1.x
- DocumentRoot: /www
e.g. if user1 uploaded a "abc.txt" to /www/user1/abc.txt, that is the URL: http://domain1.com/user1/abc.txt. How to prevent unauthorized direct access to this link?
I googled and find someone suggests to using "X-SENDFILE" header with Apache mod_xsendfile module. But i can't find detailed description about it. or any other better method?
Thanks,
Felix Chu