开发者

Prevent direct-linking to .zip files

I'ld like to prevent direct-linking to .zip files I offer for download on my webs开发者_StackOverflow社区ite. I'm reading posts for hours now but I'm not sure which method is the best to achieve that. PHP seems not to be safe and htaccess refferer can be empty etc. Which method do you guys use or would suggest?

Cheers


See: http://www.alistapart.com/articles/hotlinking/

and: http://www.webmasterworld.com/forum92/2787.htm


Referrer checking is one option, but as you noted they can be empty or spoofed.

Another possibility is to set a cookie when someone visits normal pages on your site, and check for that when the person tries to download the zip file. This could be gotten around (e.g. by the hot-linker embedding an appropriate cookie-setter page as a 1x1 image along size the hot link), but it's less likely they'll figure it out. It'll also exclude people who block cookies, of course.

Another possibility is to generate limited-time-access URLs on the download page, something along the lines of http://example.com/download.php?file=file.zip&code=some-random-string-here. The link would only be usable for a small number of downloads and/or a short period of time, after which it would no longer function.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜