Forum Moderators: phranque
<FilesMatch "^(.*)$">
ForceType application/force-download
</FilesMatch>
I have this on a folder, so that all files under it will be downloaded, not parsed on my server. Is this safe? Suppose I have a file.php on that folder, is there anyway someone could be able to actualy run it (for shady purposes) instead of downloading it, as its supposed to do?
Now, about hotlinking.
I want to prevent EVERY SINGLE FILE on folder files/ to be hotlinked (or direct linked). How can I do that? Also, that is not 100% safe right? One could simply change the HTTP REFERRERS, correct?
thanks in advance
The subject of hotlinking protection has been fairly-well-covered here, so I suggest you try a search [google.com] and read some of the previous threads.
As long as you have defined the MIME-type of all files as application-, then they will be downloaded. Further, you can set "Options [httpd.apache.org] -ExecCGI" on that subdirectory to prevent anything from executing in it.
Your code contains unnecessary regex tokens in FilesMatch; You can achieve exactly the same thing with the shorter/faster:
<FilesMatch ".*">
or
<Files *>
Jim
