machine_run
asked on
Prevent download of files???
Is there a way to prevent a user who has a URL to a file (PDF) from downloading it? I have a site built in PHP. I need to prevent PDF downloads by users who are not logged into the site, but the URLs of PDF documents are getting around.
TIA
TIA
Would restrict the directory where the PDFs are stored to logged in users only.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Users get an error if they go to the directory itself, but how can one restrict access to contents?
Do they get an HTTP 403 error?
ASKER
404 (Page Not Found) Error when they go to a directory
You can restrict access to the contents by putting the directory outside of the WWW root. As a result, there will be no URL for any of the contents of the directory. A script that is inside the WWW root tree (and therefore has a URL) can access the directory to allow a download, but the external clients cannot; they must go through the script. If that script is password protected, you're relatively safe.
Just remember, no matter what protections you put on your site, once a file has been downloaded, it has been released into the wild. That's why it may be smart to mark the downloaded files showing who downloaded them. It may discourage unauthorized distribution.
Just remember, no matter what protections you put on your site, once a file has been downloaded, it has been released into the wild. That's why it may be smart to mark the downloaded files showing who downloaded them. It may discourage unauthorized distribution.
What Ray suggested is correct.
Here is another reference using .htaccess.
stackoverflow.com/question s/2187200/ using-php- apache-to- restrict-a ccess-to-s tatic-file s-html-css -img-etc
Here is another reference using .htaccess.
stackoverflow.com/question
ASKER
THANKS