I have a directory that contains many sensitive pdf documents. If someone knew the filename, they could simply bypass my login system and view the file just as if it were an image.
If I moved the directory out of the document root how would I show it to the user once they were logged in? I'd need to pull the requested file back into the document root but not sure how to do this.
If there are any other suggestions aside from removing the directory from the root, I'm open to that as well. Thanks.
Serve the file through PHP so you will always know who/when/what will download.
Add the following line to the .htaccess file:
RewriteRule ^(dir_name_1|dir_name_2)/? /error/404 [L]
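One way to serve the files through PHP as the answer describes, shown as an added example that is not part of the original post. The script name download.php, the session key user_id, the directory /var/www/private_pdfs and the query parameter file are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// download.php (hypothetical name): gate PDF downloads behind the login session.

session_start();

// Assumption: the login system sets $_SESSION['user_id'] on successful login.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required.');
}

// Assumption: the PDFs were moved to a directory outside the document root.
const PDF_DIR = '/var/www/private_pdfs';

// Keep only the final path component so "../" sequences cannot leave PDF_DIR.
$requested = basename((string) ($_GET['file'] ?? ''));

// Accept only plain file names that end in .pdf.
if (!preg_match('/\A[A-Za-z0-9._-]+\.pdf\z/i', $requested)) {
    http_response_code(400);
    exit('Bad file name.');
}

// Resolve symlinks and confirm the result is still inside PDF_DIR.
$base = realpath(PDF_DIR);
$path = realpath(PDF_DIR . DIRECTORY_SEPARATOR . $requested);
if ($base === false || $path === false
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
    || !is_file($path)) {
    http_response_code(404);
    exit('Not found.');
}

// Record who downloaded what and when.
error_log(sprintf('pdf-download user=%s file=%s time=%s',
    (string) $_SESSION['user_id'], $requested, date('c')));

// Stream the file; the browser never learns its real location on disk.
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . $requested . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Links in the application then point to download.php?file=name.pdf instead of the PDF itself. As written, any logged-in user can fetch any file in the directory, so add a per-user ownership check before readfile() if documents belong to individual users.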