We help IT Professionals succeed at work.

Is there any way to restrict the downloading of files within a subfolder using special .htaccess rules?

egoselfaxis
egoselfaxis asked
on
We have a bunch of client files sitting in a "uploads" folder on our Apache-based site.  Although the directory itself is NOT browseable (403 forbidden - Directory Listing not allowed) ... the client has become concerned that the files themselves might be compromised somehow, .. or indexed by search engines.

Is there any way that we can apply special .htaccess rules to that uploads folder so that the files contained within it can only be downloaded using a PHP script (or something like that)?  We're just looking for a way to secure those files somehow -- without having to reprogram the site so that the file uploads are stored and served up from outside the site root.  Please advise.

Thanks
- Yvan
Comment
Watch Question

Most Valuable Expert 2011
Top Expert 2016
Commented:
For the most safety, move the directory outside of the WWW root.  But that said, if your server returns a 403 forbidden to browsers, you are also returning a 403 forbidden to search engines.  No compromise is likely at all since you're not sending the data -- just the "forbidden" headers.
Ess KayEntrapenuer
CERTIFIED EXPERT

Commented:
here is some info for it

http://www.javascriptkit.com/howto/htaccess.shtml

hope it helps
Refer to the article http://www.experts-exchange.com/OS/Linux/A_8789-How-websites-can-be-redirected.html. You may need some customization as per your requirement
Most Valuable Expert 2011
Top Expert 2016

Commented:
Was there something wrong with this answer?  Why did you mark it down to a "B"?  What was missing?

Explore More ContentExplore courses, solutions, and other research materials related to this topic.