Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

How Would You Go Protecting An eBook Downloads

4:24 am on May 7, 2010 (gmt 0)

Full Member

10+ Year Member

joined:June 16, 2004
votes: 0

Hi, looking for what steps,guides or others resources that i should look at. Basically i got an ebook that a customer downloads after he purchases, how would i protect that folder so that no one can directly download it from the outside? I got a script in place that adds a key in the database, and whenever the user downloads the file that key is disabled. However my concern is protecting the folder from the outside, in .htaccess is it possible to only allow that .php file access to that folder?
4:36 am on May 7, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 12, 2009
posts: 137
votes: 0

I am novice in this but

for search engines you can use robo.txt to disallow indexing and for direct access by the user,
1: use dynamic urls to hide original url from the user view. For example use this in .htaccess file

www.yourdomain.com/download/file?id=<Your Key in the database>

should be interpreted at server level
www.yourdomain.com/download/downloadRequest=<Your Key in the database>

The other option that comes to my mind is to user apache folder properties. Like 6-6-6 or 4-5-6. I am not sure whats your server properties so check at your end.

Hope this helps :-)
11:25 am on May 7, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 22, 2009
votes: 0

Hi there BlackRaven,

Well one way as you could make the folder a little more secure is to stop directory browsing, or have the download dir outside the domain so that joe public cant access it anyway. This seems to be standard practise when storing media etc.

For stopping the directory browsing try this:-

<Files .htaccess>
order allow,deny
deny from all

Place this in your .htaccess file, it works for me!

The method that impact describes is good for 'masking' the technolgy that you are using to generate your site, which is good, and it makes your pages index more easily from SEO point of view, but, having the files IN the domain is a bad idea as this is always at risk from people reading the url or page source, finding the dir, and without the prevention of directory browsing there, pinching all your data!

The better way IMHO (though there may be better ways that I haven't found) is to have the files stored in a directory outside your domain, then this at least prevent joe public being able to browse to it.

Hope this helps,


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members