Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Apr 2004
    Thanked 0 Times in 0 Posts

    Block all access to folder sans one page?

    I am not 100% sure how to do this, but here it is:

    All of my download files are kept in a hidden folder on my server. But for those that have bothered to check the source file and find the dir path, I would like to take an extra step in security and make it so that to access ...com/x/y/
    you have to be coming from ...com/download.php

    Is this at all possible?

    I would even go so far as to say I want to block access to that directory from everyone else on my site as well.

    Additionally, what would be the code for a go to page, like ...com/tryagain.php ?

    Thanks a bunch.

  • #2
    Super Moderator
    Join Date
    May 2002
    Perth Australia
    Thanked 101 Times in 99 Posts
    in what language ?

    HTTP_REFERER in some browsers carries the name of the sending page , but thats not reliable and easily spoofed.

    The only effective way is to utilise sessions or cookies to determine where the user has come from and if they have the right to do anything in that folder , in fact you would normally utilise a page outside of your downloads folder to stream the download for you & htaccess protect the download folder to no-one but the locahost (e.g. your script)
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)


    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts