It's not clear here why you cannot access the directory in the first place. Is it password-protected, or what is the problem?

If you are talking about scripts accessing content in this directory, then you shouldn't have a problem unless those scripts are accessing content using a URL instead of a proper server-internal filepath. If this is the case, be aware that doing so forces the script to make an HTTP request from your own server, and that this is hundreds of times less efficient than simply including a local file using a filesystem read. Access restrictions such as those implemented in .htaccess have no effect on local filesystem access; They only affect HTTP access, as implied by the names ".htaccess" and "httpd.conf".

Please clarify... Use specific examples of configuration directives and script lines if necessary.

Jim

More info.

I have tried the following but I get odd behavior. I get accessed denied when I try to access directly for jpg files but flv file want to download...?

This is all I have in my htaccess file It seems to premit a

Order Deny,allow
I tried

Deny from all

<FilesMatch "\.(php)$">
allow from all
</FilesMatch>

To allow access to my PHP file but that does seem to work

I'm having great difficulty understanding your problem, and you did not answer my question above.

Why not start with "Allow from all" and proceed to restrict access on only those filetypes that need protection, rather than "going backwards" by protecting everything and then trying to figure out what you want to allow? You may want to try this, at least as a test.

If the .flv files want to download instead of playing, then that indicates that your server has not been configured to send the correct Content-Type response header (indicating the MIME-type) as it serves .flv files. Try adding

AddType video/x-flv .flv

to your .htaccess file.

Jim

Hi,

I have a directory "docs" that I typically have protected file with a simple HTACCESS DENY FROM ALL

I server those file with PHP - No problem with my app (jpgs, docs, etc.)

Now I want to present some media files Flash FLVs, and potentially .MOVs .WMVs embedded in a viewer page. The FLV needs to be reference within a SWF file and so reading the file data and presenting for viewing or download with PHP headers won't work here.

What I was attempting to do was allow a PHP file with my SWF object embedded to read the file.

I'm going to try reading the file into a variable and put it into the SWF object. Never tried that before...

There are gaps in my understanding of ht access and servers so I may just be going about this incorrectly.

If I could restrict by IP address I would be good but I can't because of my host.

Adding the content type doesn't fix my issue.

The only thing I can think to do really is put the directory above the web root. But I have tons of content already in the docs folder and might have to alter quite a few database entries.

I didn't want to do that.

Any last ideas?

> What I was attempting to do was allow a PHP file with my SWF object embedded to read the file.

You can't embed a media object in a PHP file. You can only embed the object in the HTML page produced by that PHP file.

It is not that the PHP file 'reads' the media file, it is the client browser loading that object based upon the HTML produced by your PHP script on your server.

This may be largely a matter of semantics, but may help clarify the issue for you.

I suggest that you have your PHP script(s) set a short-term cookie or a session cookie based on the visitor having loaded an "authorization page" on your site or having logged-in, subscribed (or whatever makes sense on your site), and then allow access to a separate media-file subdirectory where access permission is based only upon the presence and validity of that cookie. Mod_rewrite can easily check cookies and either allow access to the subdirectory path or return a 403-Forbidden response.

Mod_setenvif *may* be able to examine HTTP cookie headers as well, but I haven't tried it -- or I don't remember having done so.

Jim

Thanks Jim,

I wasn't aware of mod_rewrite's ability to do that.

I will look into it.