htaccess: prevent direct file download
Hi There,
is there a way to prevent the direct file download via:
http://domain.tld/files/folder/file.mp3 ..?
The situation is the following:
There ist a site called Musik with an embedded flash mp3 player. This site ist free4all for listening the provided Tracks.
Also there is a site called Download where the files you listening before are downloadable as file.rar - only for registered users.
The Drupal access control works fine, only registered users can access the Download page.
Now the problem:
When you browse direct to http://domain.tld/files/folder/ and be aware the filename of the .mp3, you can download it without registration. Also you can download the .rar files located in a subfolder.
I've tried some .htacces configurations with the result that the access to the files won't work in no way or nothong changed.
Is there an idea or an workaround available to solve this issue..? Has anyone any idea how i can prevent this direct downloads..?
Thanks in advance.
Regards,
brick1
File system settings
You need to configure your downloads for private access.
1) Move your "files" directory ABOVE the web root.
2) Change the download method to "private" in administer->settings->File system settings.
3) Change the file system path to that of your "files" directory location. Use the following snippet to determine this:
<?php
$path_parts = pathinfo(__FILE__);
echo $path_parts['dirname'], "\n";
?>
For example on Linux the physical path to the web root is commonly "/var/www/html". When moving the "files" directory ABOVE the web root the file system path would be "/var/www/files".
Okay...
...i'll try this an inform you if it works.
Thank You.
Regards,
brick1
Hmmm...
Hi,
i've performed the steps you descibed but it won't work.
Now the files are not available for drupal or direct access (page not found).
I've moved my files folder from:
/var/www/vhost/web/drupal
to
/var/www/
For a better understanding: My webroot is /var/www/vhost/web/drupal/. Your snippet also always shows this path.
Anyidea..?
Regards,
brick1
After changing the files location in drupal, a common.inc and bootrstrap.inc error occured but only one time. Now the error is gone but i cant listen to the files via flash player or download the, from my 'Download' site.
//edit:
Here is the error message again:
warning: Cannot modify header information - headers already sent by (output started at /var/www/vhost/web/drupal/includes/bootstrap.inc:546) in /var/www/vhost/web/drupal/includes/common.inc on line 139.
wrong path?
Ok, so according to the snippet your web root is
/var/www/vhost/webI suspect that /drupal is a sub-directory of the web root, right?
I believe you need to locate your files directory here:
/var/www/vhost/making the full path
/var/www/vhost/filesEnter this as your "file system path" and save. If Drupal doesn't complain then you should be good to go.
Gnarf
After a new installation of drupal and the setup of the files folder out of the web root nothing works.
There is no access to the files folder.
The embedded flash player (which is located in the Tracks folder) cant displayed an when i creat a directory in the webroot (drupal) and copy the player data files in it, the player displays correct.
But he cant open the .mp3 file which is located outside of the web root (/var/www/files/Tracks/) :/
I cant find the failure, i'm tired and went to go to bed :(
Regards,
brick1
Okay, Problem
Okay, problem is solved. :)
Hint: When using the private method for file handling, install the 'filerequest' module. This one solved the problem.
Thanks a lot.
Regards,
brick1
Damn..
...worked only for a short time and only by me... Others can't see the player or listen to sounds...
If any has an other idea, let me know.
brick1
No,
not the wrong path.
Let me recapitulate all given tips:
1. Tip:
-activate 'private' method
-set 'files' folder ind drupal to '../files'
-path to file in the html-code: 'http://domian.tld/system/files/file.type
Result: won't work
2. Tip:
-activate 'private' method
-set 'files' folder in drupal to '/var/www/vhost/files'
-path to file in the html-code: 'var/www/vhost/files/file.type'
Result: won't work
I've tried both with and without the 'filerequest' module. Atm i'm running a test environment but the result is the same. Investigating the drupal logfiles achived always the same error:
'file not found' (tried with different pathes to the file). Additionally the filerequest module displays the following error:
warning: in_array() [function.in-array]: Wrong datatype for second argument in /var/www/vhost/web/drupal-test/modules/filerequest/filerequest.module on line 119.
I'm not very firm with php coding so i don't no whats wrong there
The strangest is that drupal can create the files folder (independently for the location) but the files can't accessed (tried with different 'chmod' an 'chown' settings).
?
brick1
Try a combination
Try a combination of both:
-activate 'private' method
-set 'files' folder in drupal to '/var/www/vhost/files'
-path to file in the html-code: 'http://domian.tld/system/files/file.type
okay, but i've tried every
okay, but i've tried every combination i can mind.
Probably this is a generally problem with my system configuration. Thanks for help but atm i've other things to do. I'll setup another server in the near future with a standard 'lamp' installation to test this problem.
Thanks a lot... :)
Regards,
brick1