保护可下载文件的最佳策略 -php/mysql Apache2 服务器 [英] Best strategy to protect downloadable files -php/mysql Apache2 server

问题描述

我将尝试找出如何保护目录免受未经授权或未经身份验证的用户下载文件的影响.提前致谢.

I'll trying to figure out how to protect directory from unauthorized or not autentificated user to download files. Thank's in advance.

推荐答案

找不到好的副本，但稍微搜索一下就会出现这样的结果 PHP 保护文件夹

Can't find a good duplicate, but a little search will bring up results like this PHP protect a folder

有一种简单的方法可以使用 php 限制基于 PHP 会话授权的文件夹访问.它需要为有效的授权会话创建存根文件(并自动删除它们).在 PHP 中，您可以:

There is a simple way to restrict folder access based on PHP session authorization using php. It requires creating stub files for valid authorized sesssions (and automating their deletion). In PHP you do:

if ($user_has_permission_to_download)
{
   touch("tmp/access-" . session_id()); 
}

然后一个简单的 rewriterule+rewritecond 就可以用于授权:

Then a simple rewriterule+rewritecond can then serve for authorization:

RewriteCond %{HTTP_COOKIE}        PHPSESSID=(\w+)
RewriteCond ../tmp/access-%1      -f 
RewriteRule ^(.+)$  $1  [L]

RewriteRule .+  /deny   [L]

当找到相应的 cookie 值并且存在授权存根文件时，第一个块允许访问.第二条规则阻止其他任何人访问.

The first block permits access when the according cookie value is found and an authorization stub file exists. The second rule blocks access for anyone else.

这篇关于保护可下载文件的最佳策略 -php/mysql Apache2 服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！