Allow users to download files outside webroot


Problem description

Hello, I am using PHP to allow users to upload files and I have them sitting in a folder outside the webroot (/var/www) folder for security reasons. It is in the folder /var/uploads. A user uploads files for specific records. Once the uploaded files are moved to the uploads folder, the address of the attachment is stored in the database. Now whenever a user checks the record, attachments for the specific record are going to be displayed for download.

Since they are out of the webroot, I am unable to get them downloaded as they would have a url of


http://localhost/var/uploads/attachment.txt

Do we have a solution, or should the downloadable folders be child directories of the webroot?

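<?php
// Connect to the database (mysqli replaces the mysql_* extension removed in PHP 7).
$con = mysqli_connect("localhost", "id", "pass");
if (!$con) {
    die('Could not connect: ' . mysqli_connect_error());
}

mysqli_select_db($con, "db");

$result = mysqli_query($con, "select * from attachments");

// $row[2] is used as the link target; $row[3] is shown next to the link.
// Both are HTML-escaped before being written into the page.
while ($row = mysqli_fetch_array($result)) {
    echo '<a href="' . htmlspecialchars($row[2]) . '" target="_blank">Download</a>--'
        . htmlspecialchars($row[3]) . '<br>';
}

mysqli_close($con);
?>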

is the code I am using. The folder's owner is www-data:/ or the web server. So there should be no access issues.

Recommended answer

Use

an Apache Alias directive Alias /uploads /var/uploads (must be in httpd.conf)

or a proxy PHP script that accepts a GET variable filename=upload.jpg and fetches the file, e.g. using fpassthru()

The latter is the least preferable option because it is resource intensive, but sometimes it's the only alternative. It also needs proper securing to prevent an attacker from getting other files on your server through the proxy.
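
A sketch of the proxy script the answer describes, with the path confinement it calls for. This is an added example, not code from the original answer; the script name download.php, the UPLOAD_DIR constant and the resolve_upload() helper are assumptions, while /var/uploads and the filename GET variable come from the page.

```php
<?php
// download.php: added example; the script name and UPLOAD_DIR constant are assumptions.
const UPLOAD_DIR = '/var/uploads'; // upload directory named in the question

// Map a user-supplied name to a real file inside $baseDir, or null if it escapes.
function resolve_upload(string $baseDir, string $name): ?string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return null; // empty name or embedded NUL byte
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    // realpath() resolves symlinks, so a link pointing outside $base fails the prefix check.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($candidate === false
        || strncmp($candidate, $prefix, strlen($prefix)) !== 0
        || !is_file($candidate)) {
        return null;
    }
    return $candidate;
}

$requested = $_GET['filename'] ?? '';
$path = is_string($requested) ? resolve_upload(UPLOAD_DIR, $requested) : null;
$fh = ($path !== null) ? @fopen($path, 'rb') : false;
if ($fh === false) {
    http_response_code(404);
    exit('Not found');
}

// Force a download instead of letting the browser render or sniff the content.
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');

fpassthru($fh);
fclose($fh);
```

The script only confines reads to the upload directory; whether the current user may see the record an attachment belongs to is a separate check the application still has to make before serving it.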
