问题
In my website, i want to restrict viewing certain files which are stored in a directory called "/content" such that only logged in users can view the files
as it stands right now anyone who types in xxxxxxx.com/content/4dc32b1c0a630.png into the browser can see this image file
I've added Options -Indexes to my .htaccess file but that didn't do anything
if it is helpful my site is built using codeigniter, so a PHP solution would be great, though I'd take any advice you might have!
thank you, Tim
回答1:
You can write a controller for that purpose.
In one of my projects I've done a resized pictures controller only for logged in users. It's based on timthumb script http://code.google.com/p/timthumb/
In controller __contruct(); write user authentification code and that's all!
So you will call these files via controller, like http://www.site.com/images/1314.png
回答2:
Use mod_rewrite to rewrite any accesses to anything in /content to a PHP script that will auth the user and then provide the file, either directly or via mod_xsendfile.
回答3:
Put these lines in your root .htacess file to block access to content/4dc32b1c0a630.png for unauthenticated users:
Options +FollowSymlinks -MultiViews
RewriteEngine on
RewriteCond %{LA-U:REMOTE_USER} ^$
RewriteRule ^content/4dc32b1c0a630\.png/?$ - [R=403,L]
However I would suggest you use wild cards (if possible) to match blocked files above rather than listing each and every individual file.
来源:https://stackoverflow.com/questions/6050844/restrict-browser-access-to-directory-files