1

I have several programs linked and hosted on my server. I need to protect the URLs from being stolen and placed on other sites because they'll use my bandwidth.

How can I do that in PHP?

Should I just check referrer or do something else?

Tunaki
  • 132,869
  • 46
  • 340
  • 423
chubbyk
  • 6,212
  • 13
  • 53
  • 67
  • 1
    if you put files on server to be hosted, then what's the problem for them to be downloaded? you want them to be shared, right? – fazo Jul 27 '11 at 16:41
  • You could create an unique download link for each download that will expire after a certain amount of time. – Nobody moving away from SE Jul 27 '11 at 16:43
  • 1
    What exactly are you concerned about? That users can download stuff from your server while your site is not showing up? – hakre Jul 27 '11 at 16:53

3 Answers3

1

If you have the binary files on your server, and someone gets the address, you can't use PHP to prevent them from downloading them. You want to protect them at the web server level. Assuming you're using Apache, looking to doing this with custom .htaccess directives.

This question, involving the direct download of MP4 videos, may point you in the right directions:

Disable hot linking or direct download of my videos and only stream the video when it's displayed from a page in my website

Community
  • 1
  • 1
ams
  • 796
  • 1
  • 12
  • 22
1

If you don't want them downloaded/stolen, then don't put them on your site.

On the plus side, if they are stolen, then your bandwidth will only get used once. Checking referer is easiest to do, and also easiest to bypass/subvert.

Marc B
  • 356,200
  • 43
  • 426
  • 500
0

If you're concerned that your server is only hosting the files but users who download it don't see where it comes from, you can do the following:

  • check for the referrer. This can be fooled, however, if you're concerned about links from forums etc., this is an option.

Basically you're checking if the HTTP referer header is set and matches your site's pattern. If not, you could block the traffic, however, if you actually want to offer downloads, I would not block the user.

Instead you can display a download facade-page with your site design and offering the download then. With some session logic, you can allow users to download files.

This can be done to build a much better hotlinking checker than based on http headers as well.

hakre
  • 193,403
  • 52
  • 435
  • 836