如何防止文档直接访问
[英]How to prevent documents from direct access
问题描述
Hi we have a web application with document repository in php and web server is apache. 
嗨,我们有一个Web应用程序,其文档存储库位于php中,并且Web服务器是apache。 How can I prevent access to these documents file directly using url, so that only our users can acceess the documents after login. 如何防止使用url直接访问这些文档文件,以便只有我们的用户才能在登录后访问这些文档。 The url for accessing the documents is also being displayed in google search result. 用于访问文档的url也显示在google搜索结果中。
1 个解决方案
解决方案1
3 已采纳 2013-11-13 03:34:55
Don't store your files in your web root. 不要将文件存储在网络根目录中。 Keep them outside of your web root and refer to them via a PHP file. 将它们放在您的Web根目录之外,并通过PHP文件引用它们。 That file will authenticate the user to verify that you want them to be able to download the file and allow them to see it. 该文件将对用户进行身份验证,以验证您是否希望他们能够下载文件并允许他们看到它。 Otherwise it will prevent the from occurring or load an error message instead. 否则,它将防止发生该错误或加载错误消息。
HTML: HTML:
<a href="download.php">Download</a>
Sample PHP (download.php): 示例PHP(download.php):
<?php
if (!isset($_SESSION['authenticated']))
{
exit;
}
$file = '/path/to/file/outside/www/secret.pdf';
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.