How to disable direct access to a file for unlogged users?

R

RJs452014-11-07 17:28:10

PHP

RJs45, 2014-11-07 17:28:10

Good day.
There is a database (mySQL), it stores information about payments, accounts, etc. The database is managed through a PHP application. Files (scans of receipts, contracts) are attached to the accounts.
Problem: the file must be available for viewing/downloading only by authorized users in the form of a code on the page: <img src="http://site.ru/data/contracts/1234.png">, and it is also available via direct url http://site.ru/data/contracts/1234.png
. Is it possible to block access to the file via direct url somehow?
Interested in a solution for apache and nginx.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

B

BoneFletcher, 2014-11-07
@RJs45

For nginx - X-Accel-Redirect

header('X-Accel-Redirect: ' . $file);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . basename($file));
exit;

For apache - XSendFile

header('X-SendFile: ' . realpath($file));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . basename($file));
exit;

habrahabr.ru/post/151795

A

Alexander Aksentiev, 2014-11-07
@Sanasol

Give through php with authorization check ...
And the deny all directory itself

V

Vit, 2014-11-07
@fornit1917

Sending directly through php is not the best option. Much better to use nginx and X-Accell-Redirect
www.opennet.ru/base/net/nginx_x_accel_redirect.txt.html

E

Evgeny Kolotilin, 2014-11-07
@iswitch

If the server is nginx, then here is an excellent solution habrahabr.ru/post/37686