File Protection using htaccess

Forum Moderators: phranque

Message Too Old, No Replies

File Protection using htaccess

Using rewrite rules to avoid direct linking

Daleeburg

4:42 pm on Aug 31, 2007 (gmt 0)

I am trying to make it so that a file can not be directly linked to for download, the user must be authorized though a login script that leaves a id in a session variable. The problem is that I need to somehow redirect the user from the direct download to the log in.

First off, am i right in using htaccess, or should i use something else?

Second, here is the code i have been working with, but it doesnt work, any suggestions?


RewriteEngine On
Options +FollowSymLinks# Rewrite /files/yyyy.zzz to test.php?file=yyyy&type=zzz
RewriteRule ^/files/([^/.]+)$.([^/]+)$ /test.php?file=$1&type=$2 [NC,L]

[edited by: Daleeburg at 4:43 pm (utc) on Aug. 31, 2007]

sc112

5:37 pm on Aug 31, 2007 (gmt 0)

Re:

RewriteRule ^/files/([^/.]+)$.([^/]+)$ /test.php?file=$1&type=$2 [NC,L]

I can see some syntax errors there. Try:

RewriteRule ^files/([^\.]+)\.([^/]+)$ /test.php?file=$1&type=$2 [NC,L]

I assume this is in .htaccess, and as Jim would point out, you don't use a leading /.

Daleeburg

6:54 pm on Aug 31, 2007 (gmt 0)

Thank you, that worked.

Daleeburg

3:46 pm on Sep 12, 2007 (gmt 0)

So i changed one thing and tried to change the htaccess, but apparently it doesnt work.


RewriteRule ^file_man/files/([^\.]+)/([^\.]+)\.([^/]+)$ /file_man/test.php?file=$2&type=$3&user=$1 [NC,L]

any thoughts?

jdMorgan

5:09 pm on Sep 12, 2007 (gmt 0)

"([^\.]+)" means "match one or more characters not equal to a literal period." Basically, this "consumes" all the characters it can, up to the first period.

You probably intended "([^/]+)", meaning, "match one or more characters not equal to a slash" or, put another way, "match characters until you find a slash."

Note that it's not necessary to use "[^\.]". Within an alternate character group (defined by square brackets), most characters do not need to be escaped, so "[^.]" should work fine.

Jim

sc112

5:11 pm on Sep 12, 2007 (gmt 0)

RewriteRule ^file_man/files/([^\.]+)/([^\.]+)\.([^/]+)$ /file_man/test.php?file=$2&type=$3&user=$1 [NC,L]

You want the first ([^\.]+) to match all characters except a /, not a dot.

sc112

5:22 pm on Sep 12, 2007 (gmt 0)

Hi, Jim. Thanks for that tip about [^.].

Daleeburg

5:13 pm on Sep 19, 2007 (gmt 0)

Sorry It took so long to respond, I was out of town for a while, and then i updated my apache server so the normal trouble insued.

I tried what you said, but it still wont work.

I am trying to make it so that if people go to wwww.website.com/file_man/files/(a number)/(a file name).(a file extension) They can not download the file unless they login and get it though a forced download.

here is what i am up to now.


RewriteEngine On
Options +FollowSymLinks# Rewrite /file_man/files/#*$!x/yyyy.zzz to test.php?file=yyyy&type=zzz&user=#*$!x
RewriteRule ^file_man/files/([^/]+)/([^\.]+)\.([^/]+)$ /file_man/test.php?file=$2&type=$3&user=$1 [NC,L]

Instead of doing a rewrite should i maybe do a redirect?