Direct linking

axel486 used Ask the Experts™
Is there a way of preventing unauthorised downloading of direct links to my site's files?For example a link to a zip file in my site is posted in a forum.When the guy left clicks the link,it goes to an error page cause i used htaccess but when he right clicks and saves the files, he is able to continue downloading.Can i prevent that?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Yes and no?

What is the OS and web server platform?


PERL version 5.006001
Apache version 1.3.26 (Unix)

This topic is covered in Apache FAQ:

Specific section:
The goal here is to prevent people from inlining your images directly from their web site, but accessing them only if they appear inline in your pages.

     This can be accomplished with a combination of SetEnvIf and the Deny and Allow directives. However, it is important to understand that any access restriction based on the
     REFERER header is intrinsically problematic due to the fact that browsers can send an incorrect REFERER, either because they want to circumvent your restriction or simply
     because they don't send the right thing (or anything at all).

     The following configuration will produce the desired effect if the browser passes correct REFERER headers.

     SetEnvIf REFERER "www\.mydomain\.com" linked_from_here
     SetEnvIf REFERER "^$" linked_from_here

     <Directory /www/images>
         Order deny,allow
         Deny from all
         Allow from env=linked_from_here
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.


There is a PAQ which is very long (and detail).  Please take a time and see if it fits.


Another PAQ - this one is proposed by me.

So pick the best approach that you're most comfortable.

However please be advised that any http header cound be faked, the the approach might fail.  Anyhow, for most scenario, it should work.



Still deciding on which is the best, OR none worked.

awaiting response.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial