Prevent download of PDF file from site - php

I have files stored on the server with the Plesk panel. Currently, any person with the link to my site can access the file and download it.
Is there any way to prevent the download for all the users?

The general approach is to create a folder that is not in the root folder of the web site. In other words, you don't allow, nor have, valid URLs to that folder as a result. This does mean that you then have to build some type of web page that can, say, list out some files, with a button to click to download such files.
In other words, no valid URLs exist. This tends to suggest that you have some type of grid or display of files. Often even a database table is used to drive such a display.
When the user clicks on, say, a button on that grid row, the code-behind can fetch the file and "stream" it down to the user. The end result is thus that no valid URLs or resolvable paths to the files exist.
Also, from IIS, turn off directory browsing, and thus again no valid URLs to the files exist.
The other approach? You can build a custom HTTP handler. This approach is quite common. That way, any URL that ends in .pdf will be trapped, and thus not allowed. As noted, this again means you have to provide a "list" of files, and a button to download - and again you can then stream the file from the server.
So there are quite a few ways, but ultimately, as a general rule, I don't allow files to be downloaded or even accessed by URLs. I always provide some kind of web page, and a list of choices for the user. The code-behind is what actually fetches the file, and then streams it down to the browser.
So, you can:
Search for how to build a custom HTTP handler for PDF files in ASP.NET.
Search for how to stream a file to users in ASP.NET.
Search for how to turn off directory browsing in IIS.
There are a truckload of options here - in fact too many to really post and explain in a Stack Overflow answer.

Related

Laravel: Prevent direct access of files from public folder

I am stuck on this part of my Laravel application, where I am asked to protect the files from being directly accessed via a URL in the browser.
I have a public folder in which a doc folder is present, where all the documents are going to be uploaded. I just need a solution to prevent this, where I can access docs directly from my application but any third-party visitor cannot view my docs (images, PDFs etc.).
I have tried many solutions but it's not working at all.
I just want two things:
1. Protect my docs from direct access.
2. A way of implementing it in Laravel (via .htaccess)
I know this can be possible through .htaccess, but how?
Kindly help, please :)
Add an .htaccess file in your upload folder with the content:
Deny from all
There are three approaches I can think of just now:
1. You intercept all image and video requests with Laravel, then using the router, serve up the content that the user was after, provided they are authorised. THIS WILL BE SLOW!
2. You rely on obscurity and put all that client's images, videos etc. in a folder that has a long, unguessable random URL. You can then link to the content in your code using the 'static' folder name. The customer's content will always be in that folder and accessible whether they log in or not. The advantage of this compared to 1 is that your framework does not have to boot for every image or video.
3. Have all the content hidden away - possibly in the storage folder. When the user logs in, create a temporary symbolic link between their public folder and their folder in storage. Keep a note of the link in the session. Use the link in all galleries etc. rather than the static code used in (2) above. Once they log out the code will no longer be valid, and you can delete the symbolic link on logout or have a job to tidy it up periodically.
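
Option 1 above, and the "keep the files outside the web root and stream them from code" approach in the first answer on this page, as an added example in plain PHP (not code from either answer). The storage path, the `file` query parameter and the `user_id` session key are assumptions.

```php
<?php
declare(strict_types=1);

// Placeholder: a folder outside the document root, so no URL maps to it.
const STORAGE_DIR = '/var/www/private/docs';

/**
 * Map a requested name to a real PDF inside $baseDir, or null if the
 * name is malformed, missing, or resolves outside the folder.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Strip any directory part, then allow only a plain "name.pdf".
    $name = basename(str_replace('\\', '/', $requested));
    if (!preg_match('/\A[A-Za-z0-9._-]+\.pdf\z/i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks; the target must still be under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
if (empty($_SESSION['user_id'])) {      // assumed marker set at login
    http_response_code(403);
    exit('Forbidden');
}

$file = $_GET['file'] ?? '';            // assumed parameter name
$path = resolve_download(STORAGE_DIR, is_string($file) ? $file : '');
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// Stream the file; the browser never learns the on-disk location.
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```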

directory browsing within webpage

I would like to give the user a file browser from within a webpage.
Here is what I've tried. I'm trying to present the file contents myself. I am trying to make it so there is a div that is the same as what you would get on an ordinary directory browse within the webpage. I have succeeded in making the div work visually, displaying the contents of the selected folder, but when trying to click on a file in that directory it cannot find the file because it is looking in the wrong file path, index.html/ instead of index.html/videos.
Code:
<div id="new-nav"></div>
<script>
$("#new-nav").load("/videos");
</script>
What's the best way to give the user a "file browser" experience in a webpage?
I would recommend using http://ckfinder.com/demo instead.
Features of CKFinder as listed on their site:
Lightweight interface.
No page refreshes: quick responses.
Folders tree navigation: intuitive for all users.
Quality image thumbnails, making it quick to find things.
Multi-language support with automatic user language detection.
Context-sensitive menus for files and folders.
Multiple file uploads with a progress bar (*).
Full user control of the content: create, rename, and delete folders and files.
Drag-and-drop support for copying and moving files between folders.
Full developer control: all features can be precisely configured with a powerful ACL and user roles system.
Flexible configuration: store files in private folders, also outside the document root.
Secure file uploads: all uploaded files are checked according to the rules set by the developer.
Full source code included for the server side integration.
Instant integration with CKEditor and FCKeditor.

Get directory listing from any URL

As far as I have read, PHP can only get the file listing from the local server on which the script is running.
What I need is the list of files in a directory on an external URL, which is not FTP but an HTTP URL, such as www.google.com. Is this possible in PHP?
Here is an example of what I want (but FDM is a C++ app)!
You can only see this if the webserver allows it
This is not possible in any language.
If a remote server does not want to list directory contents (i.e. if it's configured not to), no external script can generate one; that would be insecure.
Free Download Manager does not show the files in the folder, but all the links found on the web page. You can get a web page with curl, and grab all links from it (using regular expressions), then download the linked pages - that's how web spiders are built. But you cannot get a list of the files that are on the server, only the ones that are linked in a publicly available web page.
You can see server files only if the server allows that option; alternatively, you have to install your own script that will do that work for you independent of the server settings. That also means that you have to have access to the server whose files you would like to list.

Opening a word document on clients PC, through a PHP application

I am developing a web application in PHP as a replacement for a Microsoft Access based application for a company.
In the old Access application, they were storing in their database a link to a Word document, which further links to other documents. Now, in the Access form, they show that link; when they click on that link they can open the Word document from a common folder on a network PC and make any changes to that file (pretty easy for the user).
Is there any way to do the same through the web-based application?
What if I just move the common folder into my www directory?
In that case they can open the file easily, but if they have to make any change they have to download the file to their PC, and the changes will be made to their local file, not to the file that is on the server. So they need to move the file back to the server or ask the network admin to move the file back to the server.
What if I keep the common folder on a network PC itself and try to access it from there?
Just by clicking, I can't open a file from the client's or any other network PC. For this, when the link is clicked I have to open and read the file through PHP on the web server. Using any document-to-PDF converter, I have to convert the file format and then open it in the browser. Here the problems are:
Still I can’t make changes in file and
I have to fix about the format that I might need to convert in PDF.
I am not sure how the other documents that are linked to the main document will work.
There are two ways of doing this: (a) let the user download it from your web application, either statically (stored on the web server) or dynamically (processed in PHP or even built in real-time).
Or, (b) use a file link to a known location on the user's disk, such as file://C:/mydoc.doc.
Addendum - if you want to write to the file in your web app, but also have the user open the same copy, use (b) rather than (a). This presumes that the location of the file is available through a local or network path.

Deter direct access to files (mp3) but yet allow flash player to play songs (htaccess/php)

I know it's practically impossible to not allow a user to download an mp3 file with all the various methods out there. But I'm stuck in a situation where I need to make things slightly more private/secure for my customers.
Here's my problem: I'm currently using this Flash mp3 player http://www.flabell.com/flash/Flash-Mp3-Player-29 to stream/play the songs. The player uses XML for settings and playlist. I'm also using WordPress and the S2Member plugin.
I'm trying to allow the player to play songs but yet not allow users to download or open the direct links to the files (e.g. songs are located at domain.com/player/songs/*.mp3, the script is a level up). Is there an .htaccess method to deny direct access but yet allow (local) scripts to call the file?
Also, I mentioned the S2Member plugin for WordPress.
The WordPress plugin has a built-in restriction whereby logged-in users can download files that are hidden from open access. So in order to download a song, you'll have to use domain.com/s2script_download?file=mysong.mp3.
The folder that hosts the files has a .htaccess with a "Deny All" in it. Is it possible to reuse this folder to play/stream songs with the Flash player mentioned above?
To the best of my knowledge this isn't possible. Yes, it's possible to deny access to the outside world, while allowing access to local scripts. But Flash isn't a local script. All things being equal, a Flash app requesting a file is no different than a browser requesting a file. You can't block one without blocking the other.
The only solution that even comes to my mind is having the Flash app request the file with a special query string, i.e. /somesong.mp3?fromflash. Of course that won't stop most people from getting the song, but it could stop some people.
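
A stricter form of the "special query string" idea, as an added example that is not part of the original answer: the page that embeds the player issues a link signed with a server-side secret and an expiry time, and the download script checks both before serving. It limits how long a copied link keeps working; it does not stop a user who is allowed to play the file from saving it. The secret, the parameter names and the sample values are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret, loaded from configuration in real use.
const LINK_SECRET = 'replace-with-a-long-random-value';   // constructed value

/** Build "file=...&exp=...&sig=..." for a link valid for $ttl seconds. */
function sign_media_query(string $file, int $ttl, int $now): string
{
    $exp = $now + $ttl;
    // The signature covers both the file name and the expiry time.
    $sig = hash_hmac('sha256', $file . "\n" . $exp, LINK_SECRET);
    return http_build_query(['file' => $file, 'exp' => $exp, 'sig' => $sig]);
}

/** True only for an unexpired query whose signature matches file and expiry. */
function verify_media_query(array $q, int $now): bool
{
    $file = $q['file'] ?? null;
    $exp  = $q['exp'] ?? null;
    $sig  = $q['sig'] ?? null;
    if (!is_string($file) || !is_string($sig)
        || !is_string($exp) || !ctype_digit($exp)) {
        return false;                       // missing or malformed parameter
    }
    if ((int) $exp < $now) {
        return false;                       // link has expired
    }
    $expected = hash_hmac('sha256', $file . "\n" . $exp, LINK_SECRET);
    return hash_equals($expected, $sig);    // constant-time comparison
}

// Constructed demonstration with a fixed clock.
$now = 1700000000;
parse_str(sign_media_query('mysong.mp3', 300, $now), $q);

var_dump(verify_media_query($q, $now + 10));    // link used within its lifetime
var_dump(verify_media_query($q, $now + 600));   // same link after it expired

$q['file'] = 'othersong.mp3';                   // file name swapped by the client
var_dump(verify_media_query($q, $now + 10));
```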
