Link to home
Start Free TrialLog in
Avatar of machine_run
machine_runFlag for United States of America

asked on

Prevent download of files???

Is there a way to prevent a user who has a URL to a file (PDF) from downloading it? I have a site built in PHP. I need to prevent PDF downloads by users who are not logged into the site, but the URLs of PDF documents are getting around.

TIA
Avatar of Schuyler Dorsey
Schuyler Dorsey
Flag of United States of America image

Would restrict the directory where the PDFs are stored to logged in users only.
ASKER CERTIFIED SOLUTION
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of machine_run

ASKER

Users get an error if they go to the directory itself, but how can one restrict access to contents?
Do they get an HTTP 403 error?
404 (Page Not Found) Error when they go to a directory
You can restrict access to the contents by putting the directory outside of the WWW root.  As a result, there will be no URL for any of the contents of the directory.  A script that is inside the WWW root tree (and therefore has a URL) can access the directory to allow a download, but the external clients cannot; they must go through the script.  If that script is password protected, you're relatively safe.

Just remember, no matter what protections you put on your site, once a file has been downloaded, it has been released into the wild.  That's why it may be smart to mark the downloaded files showing who downloaded them.  It may discourage unauthorized distribution.
What Ray suggested is correct.

Here is another reference using .htaccess.

stackoverflow.com/questions/2187200/using-php-apache-to-restrict-access-to-static-files-html-css-img-etc
THANKS