Page 1 of 1

How to protect private file

Posted: Fri Feb 08, 2008 10:27 pm
by dogdog9
hi ,

I need to write a php script to let users to upload files. The uploaded files can be public/private download.

For private download, i don't know how to prevent users to download the files directly from my web server. Below is my environment.

- Apache 2.0.x, PHP5.2.x, Mysql 5.1.x
- DocumentRoot: /www

e.g. if user1 uploaded a "abc.txt" to /www/user1/abc.txt, that is the URL: http://domain1.com/user1/abc.txt. How to prevent unauthorized direct access to this link?

I googled and find someone suggests to using "X-SENDFILE" header with Apache mod_xsendfile module. But i can't find detailed description about it. or any other better method?

Thanks,
Felix Chu

Re: How to protect private file

Posted: Sat Feb 09, 2008 9:47 am
by Christopher
You can password protect a sub-directory with Apache using HTTP authentication. Your hosing control panel (if you have one) will probably have a way to do that.