Results 1 to 8 of 8
  1. #1
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Preventing browser access to files

    Hello,

    I'm trying to set up a page so that when the user clicks on a button this causes an mp3 file to stream. I can do this but I'd like to avoid the situation whereby a user checks out the source of the page notes the location of the mp3 file and then downloads it directly via the browser. Is it possible to prevent direct access to a file? If I password the folder then when the button accesses the file the user is also requested for the password and I don't want this to happen. I read somewhere that a .htaccess file could be used to block direct access access but that it wouldn't stop access to the file via script. I tired something on these lines but so far the htaccess file seems to block the script as well (I was trying to use PHP). Is what I am trying to do just impossible? Does anyone have any ideas?

    Thanks,

    Chris

  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Preventing browser access to files

    You'll probably want to use Server-side scripting (ASP, ASP.NET, PHP, etc) to send the desired file to the user without revealing the parent path of the file. For example, I used a component called aspSmartUpload to allow my ASP page to send a file that was not even located in the web folder. This is probably one of the best (easiest) ways to go about your task. If your web host doesn't support ASP, you will need to find a similar product for PHP.

    Hope this helps

  3. #3
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Preventing browser access to files

    Thanks Mark. I don't have access to ASP. I found a script at Stadtaus.com called Download Center Lite which I think will work for what I want to do. Incidentally, I've read in quite a few places about accessing a folder outside public_html and I wonder how it's done - I mean what path is used? I can see the folder above public_html at my domain but I have no idea what the root folder is called so I can't work out how to link to something in it. Do you have any ideas?

    Thanks again,

    Chris

  4. #4
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Preventing browser access to files

    Chris,

    When you use a server-side component (of any language) to "feed" a file to the user, it leverages the access permissions of the web server and operating system to read the file (which is often outside the web root folder). It reads the file into the server's memory, then streams those bytes to the client. Therefore, the file can be located anywhere that the web server or operating system can access.

    You can create a new folder that's a sibling to your public_html folder for storing the downloadable files. Then you can set the path of your download script to the path ../YourFolderName/YourFileName.xxx.

    Hope this helps

  5. #5
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Preventing browser access to files

    Hi Mark,

    Got some time this weekend to do as you suggested about making a sibling folder. I set the path as you suggested (that's a relative path, yes?) but I can't access any file outside public_html - could it be some limitation set by the hosting company?

    Thanks,

    Chris

  6. #6
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Preventing browser access to files

    In order to provide files to the end-user from a sibling folder (not contained inside the web root) you'll need to implement one of the previously mentioned server components. You won't be able to simply place a link to these files due to the fact that the web server can not directly server files outside of the web root.

    The server component basically reads any file into memory (regardless of location - as long as it has permissions to read the file in the file system) and streams it to the client. Keep in mind that you may need to rely on the ../ notation to traverse the folder structure in order to provide the needed path to the server component. For instance, a sibling folder to your webroot might be called "files." From a file inside the root of your webroot folder, you would use "../files/YourFile.txt" as a reference. If the html file is in a subfolder, you would use "../../files/YourFile.txt"

    Hope this helps

  7. #7
    5 Star Lounger
    Join Date
    Jul 2002
    Location
    Hatsukaichi, Hiroshima, Japan
    Posts
    904
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Preventing browser access to files

    Thanks Mark, at the moment I can't get the PHP script to access anything outside the web root. This location is actually suggested by the script writer so I guess it should be possible, that's why I wondered if the hosting company could have done something. I guess I can try contacting them but it won't be so easy as they are a Japanese company and only have support in Japanese and my Japanese is poor. I was trying to eliminate other possibilities before taking this path.

    Thanks again,

    Chris

  8. #8
    2 Star Lounger
    Join Date
    Aug 2004
    Location
    Withyham, Sussex, England
    Posts
    121
    Thanks
    2
    Thanked 1 Time in 1 Post

    Re: Preventing browser access to files

    Hi Chris, if you place this bit of code in notepad or any text editor and save it as path.php <?php $path=getcwd(); echo"Your absolute path is:"; echo $path;?> upload it to your server in as many folders as you like it will show you the path to your folders.IE:- http://www.yoursite.com/path.php . If you can not access a folder outside of your public_html try using an include statement ie:- create lets say index.php in notepad put
    <?php include_once(`../directoryname/path.php`); ?> (place a copy of path.php in the directory outside of public_html) up load it to your html folder, and then try http://www.yoursite.com/index.php to see if you can access it this way. hth Cheers gws.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •