Redirect 301 only in case of direct access to the file

Viewed 38 times

1

I have a .zip file in a folder on my server and I don’t want direct external links to it, only through a link on my own site. So I created a .htaccess in the file folder and put:

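    RewriteEngine on
    # Let requests without a Referer header through
    RewriteCond %{HTTP_REFERER} !^$
    # Let requests referred by the site itself through
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?meudominio\.com\.br [NC]
    # Anything else asking for a .zip gets 403 Forbidden
    RewriteRule \.(zip)$ - [NC,F,L]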

Source: https://stackoverflow.com/questions/22605189/restricting-access-to-zip-files-from-other-domains-with-htaccess

This basically solves the external link problem, but:

  1. If someone pastes the link into the address bar and follows it, can they still download it? How could I also block direct access (without a referrer)?

  2. How can I redirect these already distributed links to a URL (like the original link) instead of showing the prohibited access page?

  • 1

    The referrer can be easily manipulated and thus circumvented; this is a terrible "security" strategy. It would be more interesting to work with a session and/or token, which is too broad for me to answer here.

  • No problem, it’s not exactly a paid or responsive file. The idea is just to make external linking difficult because I miss too many visits.

  • I couldn’t understand the second question "How can I redirect these already distributed links to a url (like the original link) instead of showing the forbidden access page?"

  • 2
    1) Yes, they can, and if blocking the referrer (first RewriteCond) ends up blocking legitimate access, it gets even worse (it is up to the browser whether or not to send the referrer). 2) There is no way. If the file can be accessed by link without some sort of login or authentication, there is no way to block it (you can only decrease the number of improper accesses, which is what you have already done). This subject has already been covered enough on the site; I suggest using the search. If you want to protect it, take the file out of the root so it is not directly accessible, and create an authentication mechanism that transfers the file.
  • Answering Guilherme: I mean redirect the link to the file (which has already been distributed there) to the download page. I can do a 301, but this is redirecting the link.

  • So there are 2 redirects taking place from a first link when only one should occur? It’s confusing, it seems like another problem. By the way, I think I should not use 301, I should use 302, because 301 is permanent and if you do not know what you are doing and did something wrong, you will be forced to clear the cache and reset some more things.

1 answer

0

You can set a flag in your session too. I don’t know what language you are using, but in PHP, for example, on the download page you can put $_SESSION['autorizadownload'] = true; and on the file download page you can read this flag.
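The session-flag approach from the answer, combined with the comment's advice to move the file out of the web root, written out as an added example that is not code from the thread. The landing page URL and the archive path are hypothetical; the landing page is assumed to set `$_SESSION['autorizadownload'] = true;` before linking here.

```php
<?php
// download.php: gatekeeper for the archive (added example, not from the thread).
// Assumptions: the landing page lives at LANDING_PAGE and the archive has been
// moved outside the document root to ARCHIVE_PATH. Both names are hypothetical.
declare(strict_types=1);

const LANDING_PAGE = '/download-page.php';           // hypothetical URL
const ARCHIVE_PATH = '/var/www/private/arquivo.zip'; // hypothetical path outside the web root

session_start();

// The landing page is expected to have run: $_SESSION['autorizadownload'] = true;
if (empty($_SESSION['autorizadownload'])) {
    // No flag: the visitor followed an external link or pasted the URL.
    // 302 (temporary) so browsers do not cache the redirect permanently.
    header('Location: ' . LANDING_PAGE, true, 302);
    exit;
}

// One-time use: a copied URL stops working until the landing page is visited again.
unset($_SESSION['autorizadownload']);
session_write_close(); // release the session lock before the long transfer

if (!is_file(ARCHIVE_PATH) || !is_readable(ARCHIVE_PATH)) {
    http_response_code(404);
    exit;
}

// Drop any output buffers so a large file is streamed, not held in memory.
while (ob_get_level() > 0) {
    ob_end_clean();
}

// The path is a fixed constant, never taken from the request, so there is
// no path traversal surface here.
header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="' . basename(ARCHIVE_PATH) . '"');
header('Content-Length: ' . (string) filesize(ARCHIVE_PATH));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');

readfile(ARCHIVE_PATH);
```

Because the flag lives in the server-side session, a forged Referer header has no effect on this check. Visitors who arrive without the flag are sent to the download page instead of seeing a forbidden page.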
