Amy
Reputation: 946
Is there a way to disallow direct access of file but allow download via PHP script using IIS?
I currently have a php script that serves downloads which you can view below. It works fine, but I wanted it so even if you had the direct link to a file you could not use that to download it. I'm currently using IIS 7. I saw that there is request filtering, but I didn't see how I could use that without blocking access to the files completely.
$extension = fileexten($filename);
if(($filename!= false)&&($fakename!=false&& @fopen($filename,'r')==true)){
$mime = contenttype($extension);
set_time_limit(0);
header('Pragma: public');
header('Expires: 0');
header("Content-Type:".$mime);
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Cache-Control: private', false);
header('Content-Disposition: attachment;filename='.$fakename.'.'.$extension);
header("Content-Transfer-Encoding: binary");
if (ob_get_length() > 0) {
ob_end_clean();
}
flush();
readfile($filename);
}
else{
$error = "<h3>We could not find this file</h3>";} // If the filename or fake filename could not be retrieved.
}
Upvotes: 1
Views: 443
Answers (1)
Amy
Reputation: 946
I was able to get this working by following these instructions
https://stackoverflow.com/a/22575734/104253
Upvotes: 1
Related Questions
- Deny direct file download from webserver by URL
- Prevent direct URL Access of PHP files in the Web Application
- PHP prevent direct access to file but still use in download script
- DENY direct download of file using php
- How to block HTTP access to file
- Making a file not accessible for direct download in PHP/Apache
- Preventing direct access but allowing file downloads from within a page
- asp.net - prevent downloading a specific file
- Preventing Users from Downloading file from website directly, how?
- How to not allow users(or hackers) to download a file directly from web server?