Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

protecting download folder


Miles

Recommended Posts

I have downloadable products in my catalog and I was wondering what mechanism OSC uses to protect that folder? if my install is configured to have the files in catalog/downloads/ how do you stop anyone from just going to http://my.osc.site/catalog/download/ and just taking whatever they want?

 

Anyone with experience on this?

 

Thanks,

 

Miles

Link to comment
Share on other sites

Wouldn't turning on "redirect downloads" in the Download configuration take care of this?

 

I tried that and I'm not exactly sure what it is supposed to do. In any case, I ended up creating an .htaccess file for the download directory which oly allows my website as a referrer.

 

Here's the contents of the .htaccess file:

 

SetEnvIfNoCase Referer "^http://www.sitename.com/" local=1

SetEnvIfNoCase Referer "^http://www.sitename.com$" local=1

SetEnvIfNoCase Referer "^$" local=1

< Directory ".(gif|png|jpg)$" >

Order Allow,Deny

Allow from env=local

< /Directory >

 

Direct access to the download directory now generates a 500 error in the server, so I also added a line in the server config file to make the error document the same as the 404 file not found error document. That way it looks like the directory doesn't exist.

 

Miles

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...