Miles Posted February 21, 2005 Share Posted February 21, 2005 I have downloadable products in my catalog and I was wondering what mechanism OSC uses to protect that folder? if my install is configured to have the files in catalog/downloads/ how do you stop anyone from just going to http://my.osc.site/catalog/download/ and just taking whatever they want? Anyone with experience on this? Thanks, Miles Link to comment Share on other sites More sharing options...
Guest Posted February 21, 2005 Share Posted February 21, 2005 did you try going to the link to see what happens prior to asking? Link to comment Share on other sites More sharing options...
Miles Posted February 21, 2005 Author Share Posted February 21, 2005 did you try going to the link to see what happens prior to asking? <{POST_SNAPBACK}> Yup. I see the directory listing of the downloads folder. Miles Link to comment Share on other sites More sharing options...
Miles Posted February 21, 2005 Author Share Posted February 21, 2005 Yup. I see the directory listing of the downloads folder. Miles <{POST_SNAPBACK}> here it is... Miles Link to comment Share on other sites More sharing options...
Guest Posted February 21, 2005 Share Posted February 21, 2005 Try looking for Download Controller in Contribution section. I personally haven't used it, but it might be worth a try. Good luck! :thumbsup: Link to comment Share on other sites More sharing options...
Solari Posted March 1, 2005 Share Posted March 1, 2005 Wouldn't turning on "redirect downloads" in the Download configuration take care of this? Ray Link to comment Share on other sites More sharing options...
Miles Posted March 1, 2005 Author Share Posted March 1, 2005 Wouldn't turning on "redirect downloads" in the Download configuration take care of this? <{POST_SNAPBACK}> I tried that and I'm not exactly sure what it is supposed to do. In any case, I ended up creating an .htaccess file for the download directory which oly allows my website as a referrer. Here's the contents of the .htaccess file: SetEnvIfNoCase Referer "^http://www.sitename.com/" local=1 SetEnvIfNoCase Referer "^http://www.sitename.com$" local=1 SetEnvIfNoCase Referer "^$" local=1 < Directory ".(gif|png|jpg)$" > Order Allow,Deny Allow from env=local < /Directory > Direct access to the download directory now generates a 500 error in the server, so I also added a line in the server config file to make the error document the same as the 404 file not found error document. That way it looks like the directory doesn't exist. Miles Link to comment Share on other sites More sharing options...
Miles Posted March 1, 2005 Author Share Posted March 1, 2005 < Directory ".(gif|png|jpg)$" > <{POST_SNAPBACK}> I also added zip files to the list < Directory ".(gif|png|jpg|zip)$" > Miles Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.