Home/ Questions/Q 737989
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T07:47:07+00:00

So I have this php web app, and one of my folder contains some

  • 0

So I have this php web app, and one of my folder contains some files that can be downloaded.

I have a download script that modifies the headers, in order to always offer a download link. (instead of showing a picture for example, when you click on a link, a download box pops out)

Right now, if you enter a url like: http://www.mywebsite.com/content/
You get the listing of all the downloadable files, and of course, you can just download them all, without going through the website interface.

Personally, I don’t think it’s a problem, since I often use downthemall or other downloading tool, and this type of access is a great time saver….

But of course my company does not think so :-p They want people to use the interface in order to view the Ads…

Would they be a way, maybe with a protected .htaccess, to leave the folder access to my download script, but deny access to the users…?

I hope I am making sense and you know what I mean 🙂

All help/remarks appreciated!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can make a .htaccess file and enter Options -Indexes this will disable listing of the files in the directory.

    If you also need the traffic to originate from your site you will need to make a file say… index.php with code that checks $_SERVER['HTTP_REFERER'] to see if the traffic originates from your site.

    EDIT

    Oh I forgot you can actually fix it all in the .htaccess:

    Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-host.com/.*$ [NC]
RewriteRule ^.* /403-page [L,R]

    This will do all the work of the script I suggested, so you won’t need it anymore.

    • 0