httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: [users@httpd] Hide the URL when Downloading a File
Date Sat, 26 Oct 2002 22:01:07 GMT

Hi Mary,
I think what you want to do is prevent people from directly linking to the
PDF files.

You can either do it on the web server level, or on the server-side
scripting level (e.g. PHP or JSP).

All you have to do is check for the referer VARIABLE.

--- Server Level:
If you want to do it on the server level, you will have to use
"mod_rewrite" module and HTTP_REFERER variable. There is a good example @  under the section
titled "Blocked Inline-Images". You will have slightly modify it to match
your file types.

--- Sever-based scriptting level:
Here is some sample PHP code
$referer = $HTTP_REFERER;
if($referer) {
     if (ereg("http://testbrass.web.boeing/download/", $referer))
     else {
          header("Location: http://some_other.url");
else {
header("Location: http://some_other.url");

I hope this helps.

In Peace,
Saqib Ali

"I fear, if I rebel against my Lord, the retribution of an Awful Day (The
Day of Resurrection)" Al-Quran 6:15

               (Embedded image moved to file: pic30714.jpg)

                    "Wang, Mary Y"                                                       
                    <        To:     "''" <>
          >            cc:                                         
                    No Phone Info         Subject:     [users@httpd] Hide the URL when Downloading
a File                   
                    03:54 PM                                                             
                    Please respond                                                       
                    to users                                                             

Hi Everyone,
I have been thinking about this problem for a while, but no solution at
point.  I need your help!
I have some files located in a directory on the server for downloading.  I
can't really protect the directory because the user and
group id are all defaulted to "apache".

When the user is downloading a file, a href is point to the URL, it would
grab the file from http://testbrass.web.boeing/download/test.pdf.
The problem is that all my security check is done thru .php file.  On the
browser, it would show the URL as above, and
any unauthorized users could just copy that URL and get that file.  I don't
want to set up the .htaccess thing right now for my own reasons.  My
question is that
is there any way I can disguise this URL to some garbled URL, so that http
clients CAN'T see the URL and only server code
can process the correct URL?  Can I configure this in httpd.conf?

Thanks for any input!

(562) 797-1545

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message