How to protect download URLs to be stolen with PHP

2019-08-09 05:13发布

I have several programs linked and hosted on my server. I need to protect the URLs from being stolen and placed on other sites because they'll use my bandwidth.

How can I do that in PHP?

Should I just check referrer or do something else?

标签: php url
3条回答
疯言疯语
2楼-- · 2019-08-09 05:30

If you have the binary files on your server, and someone gets the address, you can't use PHP to prevent them from downloading them. You want to protect them at the web server level. Assuming you're using Apache, looking to doing this with custom .htaccess directives.

This question, involving the direct download of MP4 videos, may point you in the right directions:

Disable hot linking or direct download of my videos and only stream the video when it's displayed from a page in my website

查看更多
Rolldiameter
3楼-- · 2019-08-09 05:33

If you're concerned that your server is only hosting the files but users who download it don't see where it comes from, you can do the following:

  • check for the referrer. This can be fooled, however, if you're concerned about links from forums etc., this is an option.

Basically you're checking if the HTTP referer header is set and matches your site's pattern. If not, you could block the traffic, however, if you actually want to offer downloads, I would not block the user.

Instead you can display a download facade-page with your site design and offering the download then. With some session logic, you can allow users to download files.

This can be done to build a much better hotlinking checker than based on http headers as well.

查看更多
▲ chillily
4楼-- · 2019-08-09 05:49

If you don't want them downloaded/stolen, then don't put them on your site.

On the plus side, if they are stolen, then your bandwidth will only get used once. Checking referer is easiest to do, and also easiest to bypass/subvert.

查看更多
登录 后发表回答