[thelist] Preventing direct access while allowing PHP script access

Robert Gormley robert at pennyonthesidewalk.com
Mon Mar 27 07:51:53 CST 2006

The simple answer - to my mind - would be, assuming Apache, to use a 
.htaccess. Disallow web requests for the file. Allow, however, 
filesystem access, and use the SWF functions to generate a swf using the 
?filename= as a parameter. A la where you see "<img 
src="script/stats.php">, along those lines. Then you can wrap even 
further access control into the PHP.

Or, if using LightTPD, look into mod_secdownload which changes a URL 
every 30 seconds via MD5 hash, quite cleanly and elegantly.


minty freshness wrote:
> Now, I want my PHP script, eg, something like
> "http://www.domain.com/swf_me_up.php?filename=someswf" to be able to
> access these, obviously. However, I want to prevent people from simply
> typing in something like "http://www.domain.com/swf/someswf.swf" and
> accessing it directly (mainly because I want to extract money from
> them first, *rubs mercenarious hands*).

More information about the thelist mailing list