How to protect download URLs to be stolen with PHP?

I have several programs linked and hosted on my server. I need to protect the URLs from being stolen and placed on other sites because they'll us开发者_开发百科e my bandwidth.

How can I do that in PHP?

Should I just check referrer or do something else?

If you have the binary files on your server, and someone gets the address, you can't use PHP to prevent them from downloading them. You want to protect them at the web server level. Assuming you're using Apache, looking to doing this with custom .htaccess directives.

This question, involving the direct download of MP4 videos, may point you in the right directions:

Disable hot linking or direct download of my videos and only stream the video when it's displayed from a page in my website

If you don't want them downloaded/stolen, then don't put them on your site.

On the plus side, if they are stolen, then your bandwidth will only get used once. Checking referer is easiest to do, and also easiest to bypass/subvert.

If you're concerned that your server is only hosting the files but users who download it don't see where it comes from, you can do the following:

• check for the referrer. This can be fooled, however, if you're concerned about links from forums etc., this is an option.

Basically you're checking if the HTTP referer header is set and matches your site's pattern. If not, you could block the traffic, however, if you actually want to offer downloads, I would not block the user.

Instead you can display a download facade-page with your site design and offering the download then. With some session logic, you can allow users to download files.

This can be done to build a much better hotlinking checker than based on http headers as well.