Prevent direct-linking to .zip files_问答_开发者

开发者 https://www.devze.com 2023-02-26 01:51 出处：网络

I\'ld like to prevent direct-linking to .zip files I offer for download on my webs开发者_StackOverflow社区ite.

相关专题：download

I'ld like to prevent direct-linking to .zip files I offer for download on my webs开发者_StackOverflow社区ite. I'm reading posts for hours now but I'm not sure which method is the best to achieve that. PHP seems not to be safe and htaccess refferer can be empty etc. Which method do you guys use or would suggest?

Cheers

See: http://www.alistapart.com/articles/hotlinking/

and: http://www.webmasterworld.com/forum92/2787.htm

Referrer checking is one option, but as you noted they can be empty or spoofed.

Another possibility is to set a cookie when someone visits normal pages on your site, and check for that when the person tries to download the zip file. This could be gotten around (e.g. by the hot-linker embedding an appropriate cookie-setter page as a 1x1 image along size the hot link), but it's less likely they'll figure it out. It'll also exclude people who block cookies, of course.

Another possibility is to generate limited-time-access URLs on the download page, something along the lines of http://example.com/download.php?file=file.zip&code=some-random-string-here. The link would only be usable for a small number of downloads and/or a short period of time, after which it would no longer function.