Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Restriction on file |
|
| Author |
|
Lorenzo
Joined: 04 Mar 2020
Posts: 1
Location: Rome
|
 Posted: Thu 05 Mar '20 0:24 Post subject: Restriction on file |
 |
|
Hello I have a problem that I'd like to resolve. I have a web site. One of the services offered in this website there is mini-cloud. In the cloud the users signin can uploads every type of files such as images. Every user has own directory where can upload and see the files. But if someone has the complete path of the url where is saved a file, he can see the file without signin to personal area. For example if a file is stored in /var/www/html/userDir/file.exstesion if a user know the path http://website.com/userDir/file.exstesion. I want improve the security of the website. I'd like add a restriction on the files. I wish that only registered users can access to the files on the cloud. Someone can resolve my problem?
I use Debian.
Server version: Apache/2.4.38.
PHP 7.3 and 10.0.28-MariaDB-2+b1.
I use PHP Session for the login. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 09 Mar '20 12:32 Post subject: |
|
|
If you use mod_rewrite for that and send the requests through a php handler, you can manage the access easily.
Another idea would be to use mod_auth_token |
|
| Back to top |
|
|
|
|
|
|
