I'm trying to protect user uploaded files in directory /secret. I created a htaccess file and placed it into that directory.

    RewriteBase /secret/
    RewriteCond %{REQUEST_URI} !^download.php.*$
    RewriteRule .* download.php [QSA,L]
    # send request to php script, that script sends out the file if user is authenticated

This is working very well, as long as all the files are in that /secret directory. The problem comes when there are subdirectories, for example /secret/subfolder/document.txt. Now when I request this file with my browser, Apache sends out the file. It will not be rewritten by the rewriterule, and anyone can download that file.

Is there any trick that I could use to redirect all the requests inside the /secret folder to go through the download.php script? So that /secret/file.txt and /secret/subfolder/document.txt etc. would all work. I can do the authentication only with PHP and I would like to keep my directory structure as it is, since those files are used as links on various member-only pages.

Best regards, Jdoen

1 Answer

    RewriteBase /secret/
    RewriteCond %{REQUEST_URI} !^download.php.*$
    RewriteRule ^(.*)$ download.php [QSA,L]
    # send request to php script, that script sends out the file if user is authenticated

If that doesn't work, try to remove the ^ in front of ^(.*)$

  • Thanks for your quick reply. I feel a bit stupid now, since the problem was that there was another .htaccess file in the subdirectory. Your suggestion works perfectly. But just to let others know, my original rewriterule was also actually working. Commented Dec 7, 2010 at 13:02
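
The root cause reported in the comment above can be checked for directly: with mod_rewrite's default behaviour, a subdirectory .htaccess that contains rewrite directives replaces the parent's rules unless it sets `RewriteOptions Inherit`. The following is an added example, not code from the original post; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Any mod_rewrite directive in a nested .htaccess gives that directory its own
# rewrite configuration, which replaces the parent's rules unless inherited.
REWRITE_DIRECTIVE = re.compile(r"^\s*Rewrite(Engine|Rule|Cond|Base|Options)\b", re.I | re.M)
INHERIT = re.compile(r"^\s*RewriteOptions\b[^\n#]*\bInherit", re.I | re.M)


def audit_nested_htaccess(protected_root):
    """Return sorted (relative_path, status) pairs for .htaccess files in subdirectories."""
    root = Path(protected_root)
    findings = []
    for path in root.rglob(".htaccess"):
        if path.parent == root:
            continue  # the top-level file is the one holding the download.php rule
        text = path.read_text(encoding="utf-8", errors="replace")
        if not REWRITE_DIRECTIVE.search(text):
            status = "no-rewrite"  # parent's rules stay in force
        elif INHERIT.search(text):
            status = "inherits"  # opts in to parent's rules; review rule order by hand
        else:
            status = "overrides-parent"  # parent's download.php rule no longer applies here
        findings.append((path.relative_to(root).as_posix(), status))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed sample layout (not from the original post) under root."""
    samples = {
        ".htaccess": "RewriteBase /secret/\nRewriteRule .* download.php [QSA,L]\n",
        "subfolder/.htaccess": "RewriteEngine On\nRewriteRule ^old$ new [L]\n",
        "inherit/.htaccess": "RewriteEngine On\nRewriteOptions Inherit\n",
        "plain/.htaccess": "# RewriteEngine On\nOptions -Indexes\n",
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, status in audit_nested_htaccess(tmp):
            print(f"{status:17} {rel}")
```

Any path reported as `overrides-parent` marks a directory whose files Apache will serve without passing through download.php.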
