I would like to block the possibility of other users directly linking to some files on my server due to bandwidth usage.

I have some files available for download at my site. The files are stored outside the public www folder and I have a script for retrieving the files.

However the script is merely something like getFile.php?id=23 so anyone can just reference it using

I can easily do a referer check, but as I understand it the referer can be spoofed.

So I thought about setting a session variable on my download page where the link to the files is. When calling getFile.php it will check for the session variable to make sure the user actually came from the download site.

Is this the way to go about the issue or am I missing something? Maybe this could be done with a simple Apache directive instead?
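
The session-variable check described in the question, as an added example that is not part of the original post. It goes one step further than a plain flag by binding each link to the session with an HMAC token; the `FILES` map, the storage path, the `t` parameter and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical id -> path map; the files live outside the public www folder.
const FILES = [23 => '/srv/private/files/manual.pdf'];

// Download page (after session_start()): create a per-session secret
// and return a link whose token is bound to that secret and the file id.
function downloadLink(int $id): string
{
    if (empty($_SESSION['dl_key'])) {
        $_SESSION['dl_key'] = bin2hex(random_bytes(32));
    }
    $token = hash_hmac('sha256', (string) $id, $_SESSION['dl_key']);
    return 'getFile.php?id=' . $id . '&t=' . $token;
}

// getFile.php: true only if this session has visited the download page
// and the token in the URL was issued for this session and this id.
function mayDownload(int $id, string $token): bool
{
    if (empty($_SESSION['dl_key']) || !isset(FILES[$id])) {
        return false;
    }
    $expected = hash_hmac('sha256', (string) $id, $_SESSION['dl_key']);
    return hash_equals($expected, $token); // constant-time comparison
}

// getFile.php entry point: reject the request before any file I/O happens.
function serveFile(): void
{
    session_start();
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
    $token = (string) filter_input(INPUT_GET, 't');
    if (!is_int($id) || !mayDownload($id, $token)) {
        http_response_code(403);
        exit('Please start the download from the download page.');
    }
    $path = FILES[$id];
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

A link copied to another site carries a token that only validates against the original visitor's session, so it returns 403 for everyone else. A visitor who has opened the download page still needs the link generated for their own session.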

