Prevent direct external download of files

2012-02-21  Source: Original Site  Category:PHP  Views:0 


I would like to block for the possibility for other users to directly link to some files om my server due to bandwidth usage.

I have some files available for download at my site. The files are stored outside the public www folder and I have a script for retrieving the files.

However the script is merely something like getFile.php?id=23 so anyone can just reference it using

I can easily do a referere checkbut as I understand it the referere can be spoofed.

So I thought about setting a session variable on my download page where the link to the files is. When calling getFile.php it will check for the session variable to make sure the user actually came from the download site.

Is this the way to go about the issue or am I missing something? Maybe this could be done with a simple Apache directive instead?

Related articles
  • Prevent direct external download of files 2012-02-21

    I would like to block for the possibility for other users to directly link to some files om my server due to bandwidth usage. I have some files available for download at my site. The files are stored outside the public www folder and I have a script

  • prevent direct url downloads using browsers 2012-08-25

    I want to prevent direct url downloads using browsers for some doc and pdf files from my site i want those files to put them in a different directory (out of my site directory)so the visitor not to be able to dowload them or to view those files using

  • prevent direct access to a file 2012-12-03

    I have a file index.php with script on a link, which opens new window with myfile.php, using JS method. The page itself is based on PHP. What i need to do is to prevent direct access to that JS popup window file. For example, if i press a

  • prevent direct access to php files with htaccess 2014-06-10

    Sorry if this has been answered a million times but I've not found one post yet that actually works. The one that does prevent access basically prevents ALL access even if they were to go through the form correctly thus cutting off complete access. I

  • Using sessions to prevent direct access of frameset files 2012-05-18

    I'm creating an HTML sandbox that utilizes a frame page. Top is HTML submission, bottom is output. I would like to ensure that the top and bottom pages are never accessed directly, since they both require variables that can't be set for obvious reaso

  • Streaming and downloading wmv files 2014-05-24

    I stream a little wmv video (4MB) from my web site. I was asked to allow the possibility of downloading it by a click, for having it off-line. However, the use of a button to start the download has a disadvantage: when the visitor clicks this button,

  • prevent direct download 2014-03-30

    i want to prevent direct download in my website which is being developed using php. i think you people would understand what i am meaning: Prevent direct download that if user try to download then i should give them output by reading this file. pleas

  • Ubuntu Howto download ISO files directly to a CD\DVD\BLU-RAY 2014-01-01

    It is possible to download .iso files “almost” directly onto a cd\dvd\blu-ray disk. “almost” because only a very a few KiB at most are going to be used as a buffer on the drive during the process. The following process is especially ideal for users r

  • Prevent Direct (Hot) linking to Downloads 2015-04-04

    Hay guys, I want to prevent the hotlinking to files on my site, so i have decided to use a system that uses PHP and a MySQL database to download files using php functions (). I will essentially be putting the onclick html function to launch a php fun

  • How can I prevent users from downloading mp3s but still access them via flash player 2014-05-19

    So here's my site's situation. On one of my pages I have a flash document that acts as a music player; this flash doc is accessing .mp3 files located in sub folders on my host's (linux) server. The way the access is setup on my site a user can't acce

  • Directly Open PSQL .dat Files Without a Server Installed 2012-02-26

    I need to open, view and possibly edit some .dat files from Pervasive PSQL 10 (generated by Peachtree 2009 Premium). I downloaded the Pervasive PSQL 10 client tools and opened the Pervasive Control Center, but I wasn't able to find a way to directly

  • Downloading XML File from TEXT FIELD 2012-03-26

    I have XML files stored in a TEXT MYSQL Field. I would like to be able to download those files by clicking on some links. My question is, do I have to create a file on the server from the TEXT Field before downloading or is there a way to download di

  • Ubuntu Unable to download wmv files need help diagnosing 2012-05-21

    If this post would be better placed in another forum, please feel free to move it. OS=Juanty. I am not aware of any firewall on my system. I have never noticed this problem since the beginning of time on my pc, but I am not sure whether or not I have

  • force download and file size 2012-06-08

    i have successfully created a download script to force a user to download, however attempting to download large files causes an error saying that the file cannot be found. my code > header("Cache-control: private"); header("Content-Type: applicati

  • Ubuntu Chromium always download .pdf files 2012-08-07

    Hello, I am using chromium browser 12.0.742.112 (90304) with lubuntu 11.04 in an old laptop. When I choose to open a link which is a .pdf file, i.e.,, chromium always download the fi

  • Automating SCP to download backup files 2013-02-26

    I'm trying to set up a means of automatically downloading backup files from my slice to my local (Linux) machine, using scp. I need this to not require a password. To my understanding, it is possible to arrange things so scp (or ssh, I guess) authent

  • Ubuntu Defining php constant to prevent direct access...error! 2013-03-16

    In an attempt to prevent direct access to my scripts and included files I have defined constants using the define() function, which are then checked in the script files, and I have used the die() function if the constant is not defined. This does wor

  • download remote file to server (php) 2013-04-09

    ok, guys, i have a problem. I have a php script that logs into a third party ssl "https" server, constructs a URL for a file download. I need to know if it is possible to download the file locally onto my server, and then display it to the user from

  • Code for downloading a file from URL without the name of the file 2013-08-25

    I try to find out how to download any file from a URL that doesn't specify. For example: ^^This URL directs to an .mp3 file, which is the spoken text by Google Translate. I have this code already, b

  • Ubuntu adding downloaded .deb files to synaptic in dapper 2014-02-13

    I successfully updated my off line dapper machine's package list and downloaded the some packages with dependencies. How can I add the downloaded files to synaptic through the option add downloaded packages. It does not me to add .deb files directly.