Solved

deny public download of files using htaccess

Posted on 2014-03-16
2
316 Views
Last Modified: 2014-03-18
Hi all,

We have a wiki app that uses apache authentication. On some pages there are files that can be downloaded. Some of them are pdf files, some excel or word. We only want to allow users that are logged on to have access to download these files. If someone who isnt logged on tries to directly access a link to download one of these files we want that blocked.

I believe I can use a referrer check and deny access to download these files unless the users is coming from within the site

So if our site is https://thewiki.com I could believe I can deny this way:

RewriteCond %{REQUEST_FILENAME} \.(xls|xlsx|psd|7z|zip|doc|docx)$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(?:www\.)?thewiki\.com(?:/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https://(?:www\.)?thewiki\.com(?:/|$) [NC]
RewriteRule .* - [F]

If the above works do I need to put it in the folder where the uploaded files reside or the main root htaccess file?

Lastly I was thinking it might even be better to simply deny all access unless the user is authenticated. Our wiki uses apache authentication. So could I deny this way?

Order deny,allow
Deny from all
authenticated-only ?
0
Comment
Question by:binovpd
2 Comments
 
LVL 26

Accepted Solution

by:
arober11 earned 500 total points
ID: 39937870
Personally i'd go for the latter method, but you'll need access to the httpd.conf. Also note the vital directive is Require valid-user not authenticated-only

<Directory "/srv/www/xxxxxxxx/wiki">
  Options FollowSymLinks Indexes MultiViews
  AuthType Basic
  AuthName "Registered wiki users Only"
....
  Require valid-user
....
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

Open in new window

0
 

Author Comment

by:binovpd
ID: 39937938
Thanks arober11. I finally figured it out. Your answer is exactly what I did so I'll reward you the points.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Htaccess - if subdomain "dev." 2 78
Change local server setting in php 6 87
LINUX CENTOS + APACHE 9 68
Domino Website - Redirection 12 76
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question