From my previous discussions here i took away the fact that files are secure if you put them under the root. I spoke with the person who handles this for me, he says if we block public access, then users who uploaded their content can’t download or view their files. to give you an example of what i am trying to do:
If i, a member of the site upload to my account a word file, then i should be able to come back and download it. But because the folder is blocking access, how can the file then be downloaded?
Normally, files that you want to be downloadable should be inside the document root or somewhere deeper inside it. But, if you only want to make files downloadable some of the time (e.g. you want to check user credetials first, or count downloads in a database), you can write a download script. The simplest form would be something like:
Note that there’s an even better way using a special Apache module called
xsendfile. With that, you could do something like this:Apache will see the second header, strip it and send the contents of file.txt. The nice thing is that your resource intensive PHP script will already have stopped and you won’t be running into any kind of PHP time or memory limits.