Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
04-30-2004, 12:09 AM #1
- Join Date
- Apr 2004
- Thanked 0 Times in 0 Posts
Block all access to folder sans one page?
I am not 100% sure how to do this, but here it is:
All of my download files are kept in a hidden folder on my server. But for those that have bothered to check the source file and find the dir path, I would like to take an extra step in security and make it so that to access ...com/x/y/
you have to be coming from ...com/download.php
Is this at all possible?
I would even go so far as to say I want to block access to that directory from everyone else on my site as well.
Additionally, what would be the code for a go to page, like ...com/tryagain.php ?
Thanks a bunch.
05-02-2004, 03:49 AM #2
- Join Date
- May 2002
- Perth Australia
- Thanked 98 Times in 96 Posts
in what language ?
HTTP_REFERER in some browsers carries the name of the sending page , but thats not reliable and easily spoofed.
The only effective way is to utilise sessions or cookies to determine where the user has come from and if they have the right to do anything in that folder , in fact you would normally utilise a page outside of your downloads folder to stream the download for you & htaccess protect the download folder to no-one but the locahost (e.g. your script)
MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)