使用的.htaccess来限制访问文件下载 [英] Use .htaccess to limit access to file downloads
问题描述
我的下载像product.exe静态文件。我想限制访问 这些文件.htaccess文件,这样只有特定的用户可以下载它。
I have downloads for static files like product.exe. I want to limit access to these files with a .htaccess file so that only certain users can download it.
我觉得这个可以有mod_rewrite的处理,我发现这个片段在网上 阻断不良网站使用引荐。
I think this can be handled with mod_rewrite and I found this snippet online that blocks bad sites using the referrer.
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} http://example.com/downloads/confirm/3811 [NC,OR]
RewriteRule .* - [F]
来源: http://www.javascriptkit.com/howto/htaccess14.shtml
而不是基于引用堵,我想根据引荐允许。这样一来,引荐能不能在没有首先登录访问的网址。我的想法去这条路线,并使用HTTP引用赋予权限的文件。我知道这可能不是做的最好的办法,我想引用者有可能被欺骗,但它并不一定要固定。我也向你敞开,可能要为limitting访问其他的想法。
Instead of blocking based on referrer, I want to allow based on referrer. That way, the referrer can be a URL that cannot be accessed without first logging in. I am thinking about going this route and using the http referrer to give permission to the file. I know it may not be the best way to do it, and I guess the referrer can be spoofed, but it does not have to be THAT secure. I am also open to other ideas you may have to for limitting access.
推荐答案
如果您要根据介绍人允许:
If you want to allow based on Referrer:
RewriteCond %{HTTP_REFERER} !^http://goodsite-1.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://goodsite-2.com/from/there.php [NC]
RewriteCond %{HTTP_REFERER} !^$ # There are some users/browsers not sending referrer..
RewriteRule .* - [F]
也可以允许基于一个cookie,你可以之前设置如PHP的:
Or you can allow based on a cookie, which you can set before with e.g. PHP:
RewriteCond %{HTTP_COOKIE} !^.*cookie-name.*$ [NC]
RewriteRule .* - [F]
或者也只允许POST请求:
Or also only allow Post requests:
RewriteCond %{REQUEST_METHOD} !=POST
RewriteRule .* - [F]
和你链接的POST请求在你的HTML文件下载:
and your Link for 'post request' in your HTML to the file to download:
<form method="post" action="path/to/download.mp3">
<input type="submit" value="Click here to download!" />
</form>
其实你可以结合这些方法。
Actually you could combine these methods.
这篇关于使用的.htaccess来限制访问文件下载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!