woleraymond
asked on
restriction to directly accessing any file by typing in the address bar
I will like to restrict access to a certain directory on my webserver if users directly access any file by typing in the address bar.i will like only privilege users to be able to do that by clicking a link.
how do i achieve this with php
how do i achieve this with php
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Oscurochu: I disagree, some versions of antivirus totally block referer, and referer can be faked on client side easily.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ahoffman,
How does your solution prevent access to the files by direct typing or bookmarking of the link? I think that is what is being requested here.
Also, can't you effectively prohibit access to a directory by including an index.php that redirects to an error page (could even be a 401: unauthenticated, a 403: unauthorized, or a 404: file not found). That still leaves you with protecting the files themselves but there have already been a few solutions for that.
- Neil
How does your solution prevent access to the files by direct typing or bookmarking of the link? I think that is what is being requested here.
Also, can't you effectively prohibit access to a directory by including an index.php that redirects to an error page (could even be a 401: unauthenticated, a 403: unauthorized, or a 404: file not found). That still leaves you with protecting the files themselves but there have already been a few solutions for that.
- Neil
ASKER
pls go ahead with the solutions
There are ways of accomplishing this with custom httphandlers, requiring server side additions to make file content different, or by retrieving the file from a directory on your server that is not publicly serving to the web and writing the contents out. Do you have access to your server or is it hosted third party?
Also, are you against having the file entirely in a database? If not, you can read the contents of the file from the database on each request of a file. At that point you can do all the server-side authentication you want to make sure the user is who they say they are.
> How does your solution prevent access to the files by direct typing or bookmarking of the link?
see 1. "outside DocumentRoot" in http:#19545326
> pls go ahead with the solutions
what's wrong with mine?
see 1. "outside DocumentRoot" in http:#19545326
> pls go ahead with the solutions
what's wrong with mine?
@hoffman
try it out ahoffman, you will be able to link to files that aren't handle by your http, like images. the directory is secure because it server files are protected from access.
That is why the solution has to come from a type of file that the server handles.
If the files cannot be put into a database then the solution will need to be a little more difficult to implement. If the files can be stored in a database then you can protect a single page that authenticates a request then streams/writes the file dynamically from the database to the user.
try it out ahoffman, you will be able to link to files that aren't handle by your http, like images. the directory is secure because it server files are protected from access.
That is why the solution has to come from a type of file that the server handles.
If the files cannot be put into a database then the solution will need to be a little more difficult to implement. If the files can be stored in a database then you can protect a single page that authenticates a request then streams/writes the file dynamically from the database to the user.
lunadl, not sure what you want to tell me
But lets wait 'til the questioner responds to the suggestions.
But lets wait 'til the questioner responds to the suggestions.
ASKER
i am actually protecting pdf documents in the directory