allowing access to protected directories

Hi there,

I am looking for a way to allow access to files on my site via links, but disallow the same files to be directly accessed by typing the path to the file directly from a browser.

Is there a way to set up HTTP authentication on specific directories, but be able to bypass it under certain circumstances...such as clicking on a link on my/or another specified domain?

I'm thinking of passing a variable via the legitimate link and checking for the existence of it before showing the file, but thats hardly secure?

I appreciate all advice.

Thanks,
Rob

Potentially, you could just create a script that doens't work with the Get request variables. It should look for only Post form variables.

Both methods can be "hacked", however, you can't just type a Post variable into a brower.

A user would have to create an html document that sends a form post to your script, or they would have to send http headers in the correct format.

It is a bit more work, but you don't seem to need "High" security, just some security.

If you are looking to do this right though, just use simple http authentication with your .htaccess file.

Hi,

Thanks for the response.

You said just use simple HTTP authentication, which I am doing...do you mean there is a way to edit the .htaccess file alone to get what I want?

Thanks

Yes.
You should go over to the apache docs and check up on this:

http://httpd.apache.org/docs/howto/auth.html#basic

Thanks, I'll look it up