htaccess direct file access deny


syktek

5:37 pm on Jun 29, 2005 (gmt 0)


I have a directory online with Word documents. What I would like to do is, if someone types in:

mysite.com/docs/1.doc

it returns 403, which I was able to do with this:

<FilesMatch "\.doc$">
Deny from all
</FilesMatch>

But I do want people who are logged in and click on the link to have access to the files. The usernames and passwords are stored in a MySQL database. Is there any way to allow access to the files if they click on a link, as opposed to just entering the URL to the file?

syktek

6:14 pm on Jun 29, 2005 (gmt 0)


Basically, if they didn't click on a URL in the pages directory, I don't want them to have access to anything in the files directory... if that helps make more sense.

Maybe a referer saying if they didn't come from the /pages/ dir they can't access anything in the /files/ dir?

j4mes

6:29 pm on Jun 29, 2005 (gmt 0)


Hi syktek,

We need to know what kind of "logging in" people are doing.

If it's just straight on to the server with Apache's authentication, you can use something like:

AuthType Basic
AuthName "Login"
AuthUserFile /[...]somewhere[...]/.htpasswd
require valid-user

but we really need some more info.

Cheers,

J.

syktek

6:51 pm on Jun 29, 2005 (gmt 0)


Actually, it looked like this worked:

rewriteengine on
rewritecond %{HTTP_REFERER} !http://address/they/need/to/come/from
rewriterule whateveryouwant

Saying if they don't come from that specific directory, to not let them have access. Testing it out now!

thanks
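
An added example, not code from any post in this thread: the Referer header is supplied by the client, so it does not show that a visitor is logged in. One alternative is to keep the FilesMatch deny from the first post in place and hand documents out through a script that checks the login session before streaming the file. The sketch below is in Python; the session key "user", the function name authorize_download and the sample directory are assumptions.

```python
import os
import tempfile

# Assumption: the login code (which checks the MySQL user table) stores the
# user's name in the session under "user"; the key name is hypothetical.
SESSION_USER_KEY = "user"


def authorize_download(session, requested_name, docs_root):
    """Return (status, path) for a request to download one document.

    403: no logged-in user in the session
    404: name is not a plain .doc file inside docs_root
    200: path is safe to stream back to the client
    """
    if not session.get(SESSION_USER_KEY):
        return 403, None

    # Accept a bare file name only: no directories, no "..", no NUL bytes.
    if (requested_name != os.path.basename(requested_name)
            or "\x00" in requested_name
            or not requested_name.lower().endswith(".doc")):
        return 404, None

    root = os.path.realpath(docs_root)
    path = os.path.realpath(os.path.join(root, requested_name))
    # realpath resolves symlinks; the result must still live under docs_root.
    if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
        return 404, None
    return 200, path


def demo():
    """Run the check against a constructed docs directory."""
    with tempfile.TemporaryDirectory() as docs:
        with open(os.path.join(docs, "1.doc"), "wb") as fh:
            fh.write(b"constructed sample document")
        logged_in = {SESSION_USER_KEY: "alice"}
        return [
            authorize_download({}, "1.doc", docs)[0],               # not logged in
            authorize_download(logged_in, "1.doc", docs)[0],        # allowed
            authorize_download(logged_in, "../1.doc", docs)[0],     # traversal
            authorize_download(logged_in, "missing.doc", docs)[0],  # no such file
        ]


if __name__ == "__main__":
    print(demo())
```

With this in place the documents directory can stay closed to direct requests, and the only route to a file is the script's session check.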