Securing files but allow access via web page?

Forum Moderators: phranque

Message Too Old, No Replies

Securing files but allow access via web page?

AnselTk1

7:23 pm on Mar 23, 2012 (gmt 0)

I have files saved by CKEditor in this location and it's subfolders:

boomcms/cmsassets/editorassets/

Now - here is what I would like to do:

Prevent anyone from outside my website getting access to the files directly by typing into their browser:

http://www.example.com/boomcms/cmsassets/editorassets/myfile.pdf

However if you are on my web page at http://www.example.com/mypage.php you are able to click on a link and still get the file.

I know that I can restrict access to the folders above, but that also restricts anyone from clicking a link on my website to get the file. Is there some sort of referrer I can specify that says if the request comes from someone on this web domain/page allow them access?

Is this doable via .htaccess?

[edited by: incrediBILL at 6:22 am (utc) on Mar 24, 2012]
[edit reason] fixed URL w/example.com [/edit]

phranque

1:07 am on Mar 24, 2012 (gmt 0)

welcome to WebmasterWorld, AnselTk1!

the only thing you can do in .htaccess is check the referrer.
however this can be spoofed and if you use a missing referrer you could exclude valid requests that don't supply a referrer for a variety of reason.
within your application you could use a cookie to indicate the referring page had been loaded but the cookie may also be missing from "valid" requests.