Forum Moderators: phranque


protect folder by .htaccess file

         

phparion

4:23 am on Jan 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hi,
I have a folder that has some files for users to download. A user must be logged in first and then, through the proper process, download a file, e.g. by clicking on a Download link.

Now the problem is that my folder that has the downloadable files is accessible directly, like

www.domain.com/downloads

I want to prevent HTTP access to this folder so that whenever a user writes the direct URL to access the folder, it must not allow him and must redirect to the main page of the site.

Can I do this with .htaccess? If yes, please help me, as I really don't know enough about .htaccess files.

Thanks in advance.

jdMorgan

4:49 am on Jan 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I assume you're using a script to serve the files from the 'hidden' directory?

If so, place an .htaccess file in www.domain.com/downloads, and put this in it:

<Files *>
Deny from all
</Files>

That should do it. The directory is now inaccessible using HTTP, and can only be read by scripts on your server.

See Apache mod_access [httpd.apache.org] for more information.

Jim

phparion

5:59 am on Jan 3, 2006 (gmt 0)




It is working perfectly.
Thank you very much for your help.

phparion

8:30 am on Jan 3, 2006 (gmt 0)




Again a problem: now it's not allowing files to be downloaded even from the script.

After logging in, the user can see links like

<a href="domain.com/downloads/file.zip">Click here to download</a>

After I pasted a .htaccess file with the code you gave, it is not allowing files to be downloaded even with the above links.

Please guide me about this.

Thanks in advance.

jdMorgan

7:39 pm on Jan 3, 2006 (gmt 0)




I'm afraid you misunderstood what I said. The method will only work if you use a script, such as PERL or PERL, to check whether the user is authorized by a cookie or by logging-in. If the user is authorized, then the script reads the requested file as an internal server file read operation, and outputs it to the client's browser.

If you use a link as you showed, then the download is done as a direct HTTP request to the file. And since the code I posted prevents any access via HTTP, it will be blocked.

I apologize if my post was not sufficiently clear, but as I wrote, the method only works if you use a script to prevent unauthorized access.

Jim
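
The script-mediated download described in the post above, as an added example that is not part of the original thread. It is written as a Python WSGI app; the `sid` cookie, the `ACTIVE_SESSIONS` store, the `file` query parameter and the temporary `DOWNLOAD_DIR` (standing in for the folder that holds the `Deny from all` .htaccess) are all assumptions made for illustration.

```python
import os
import tempfile
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Assumption: stands in for the denied folder; one constructed file inside.
DOWNLOAD_DIR = os.path.realpath(tempfile.mkdtemp(prefix="downloads-"))
with open(os.path.join(DOWNLOAD_DIR, "file.zip"), "wb") as fh:
    fh.write(b"constructed sample bytes")

# Assumption: stand-in for the site's real login/session store.
ACTIVE_SESSIONS = {"constructed-session-id"}


def is_logged_in(environ):
    """True if the request carries a session cookie the server knows."""
    sid = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("sid")
    return sid is not None and sid.value in ACTIVE_SESSIONS


def resolve_download(name):
    """Return the real path of `name` inside DOWNLOAD_DIR, else None."""
    try:
        # realpath collapses "..", symlinks and absolute names before the check.
        path = os.path.realpath(os.path.join(DOWNLOAD_DIR, name))
    except ValueError:  # embedded NUL byte in the requested name
        return None
    inside = os.path.commonpath([DOWNLOAD_DIR, path]) == DOWNLOAD_DIR
    return path if inside and os.path.isfile(path) else None


def app(environ, start_response):
    """WSGI entry point, e.g. /download?file=file.zip (hypothetical URL)."""
    if not is_logged_in(environ):
        start_response("302 Found", [("Location", "/")])  # back to main page
        return [b""]
    name = parse_qs(environ.get("QUERY_STRING", "")).get("file", [""])[0]
    path = resolve_download(name)
    if path is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"No such file\n"]
    with open(path, "rb") as fh:  # internal file read, not an HTTP request
        body = fh.read()          # small files only; stream large ones in chunks
    start_response("200 OK", [
        ("Content-Type", "application/octet-stream"),
        ("Content-Disposition",
         'attachment; filename="%s"' % os.path.basename(path)),
        ("Content-Length", str(len(body))),
    ])
    return [body]
```

The download links on the logged-in pages would then point at the script rather than at the file itself, so the .htaccess block stays in place.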

phparion

3:50 am on Jan 4, 2006 (gmt 0)




Can I protect my folder with the method I am following? If yes, then how?

Thanks in advance for your time.

jdMorgan

4:53 am on Jan 4, 2006 (gmt 0)




> Can I protect my folder with the method I am following?

I'd suggest moving the folder with the download files to a subfolder of any folder that requires login. That is, if you must log in to see /pages/page.html, then you must also be logged in to see /pages/downloads/song.mp3.

Jim