It’s a common problem, solved many times, but for some reason i cannot find the right information.
Some constraints and requirements:
- Technique for LAMP stack.
- Fine-grained control of which files are accessible.
- No basic authentication with htpasswd files, i want to provide a custom login frontend.
- Should be able to securely protect and serve big video files
How do all those sites protect their files from public without using basic authentication?
Thanks!
A similar question: Performance-oriented way to protect files on PHP level?
You would usually redirect any requests for the media files to a PHP script. The PHP script does the login authentication, and on success, loads the requested media file from a protected location, and passes it through to the browser, for example using
fpassthru()orfread().You can set up a very elegant solution using a set of
mod_rewriteinstructions, for example rewritinginternally to
the method is not cheap, as the PHP interpreter has to be started for every download, and pass through every byte of the file. For a discussion of possible alternatives, I asked a question about that a few months back: Performance-oriented way to protect files on PHP level?