简体   繁体   中英

Protect folder from remote access in PHP

I have a project that my client upload a lot of files to a folder on the server. That files can be downloaded using a link on his administrator page on the system (in PHP).

How can I disable the direct access to this files (in browser address)?

Put the upload directory somewhere outside of the web root. For example, if Apache (or whatever web server you are using) is configured with a web root of /var/www, but the uploaded files into eg /var/uploads, which guarantees that no one can every directly download them (at least via your web server).

Then use a PHP script as a stand-in proxy that first checks that the user is authenticated and authorized, then uses eg the passthru() function (after setting appropriate headers, of course) to let the user download the file.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM