Locking a directory for downloads?

Connect with other users about what to run on your webhosting (and how to run it) here.
Post Reply
silentwisher
A semi-regular
A semi-regular
Posts: 20
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Sat Jul 13, 2013 1:09 pm

Locking a directory for downloads?

Post by silentwisher »

So im creating a online store and they recommend locking down a folder to prevent people from indexing it and directly accessing it, while still being able to download the file via the temp link that the site generates for them.

Not sure what to put in the .htaccess for the folder if thats even it.

Anyone know?
Woo-commerce Related Site BTW
Top
User avatar
kraze
Former staff
Former staff
Posts: 4362
Joined: Fri Sep 17, 2010 9:06 am
Location: California

Re: Locking a directory for downloads?

Post by kraze »

Yes, we talk about how to do that here.
http://www.nfoservers.com/forums/viewto ... =19&t=6423
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
Top
silentwisher
A semi-regular
A semi-regular
Posts: 20
Joined: Sat Jul 13, 2013 1:09 pm

Re: Locking a directory for downloads?

Post by silentwisher »

kraze wrote:Yes, we talk about how to do that here.
http://www.nfoservers.com/forums/viewto ... =19&t=6423
I looked at this and it only solves one issue I have. The other thing is keeping bots(all of them) out as well.
Top
User avatar
rymax99
This is my homepage
This is my homepage
Posts: 143
Joined: Sun Feb 02, 2014 2:08 pm
Location: Florida
Contact:
Contact rymax99

Re: Locking a directory for downloads?

Post by rymax99 »

kraze wrote:Yes, we talk about how to do that here.
http://www.nfoservers.com/forums/viewto ... =19&t=6423
That tutorial is inaccurate. An index won't prevent people from getting the contents of a directory, for example you can recursively wget and get the contents of a directory.

For Apache, you simply add this in your .htaccess to prevent directory listing: 'Options -Indexes'.

In Nginx you use: 'autoindex off;' in your configuration file.

For keeping bots out such as search engines, you can block them via a robots.txt file to keep search engines from indexing it.
An example of a robots.txt file for keeping all search engines (that respect robots.txt, which are all major ones) would be:

Code: Select all

User-agent: *
Disallow: /downloads
Top
silentwisher
A semi-regular
A semi-regular
Posts: 20
Joined: Sat Jul 13, 2013 1:09 pm

Re: Locking a directory for downloads?

Post by silentwisher »

rymax99 wrote:
kraze wrote:Yes, we talk about how to do that here.
http://www.nfoservers.com/forums/viewto ... =19&t=6423
That tutorial is inaccurate. An index won't prevent people from getting the contents of a directory, for example you can recursively wget and get the contents of a directory.

For Apache, you simply add this in your .htaccess to prevent directory listing: 'Options -Indexes'.

In Nginx you use: 'autoindex off;' in your configuration file.

For keeping bots out such as search engines, you can block them via a robots.txt file to keep search engines from indexing it.
An example of a robots.txt file for keeping all search engines (that respect robots.txt, which are all major ones) would be:

Code: Select all

User-agent: *
Disallow: /downloads

Thanks for all this info. So just to make sure I did this right:

I put the robots.txt in the root and changed the /whatever to what it needs to be.

Also added an .htaccess file with 'Options -Indexes' in it in that wanted protected directory.
Is all that correct?
Top
User avatar
rymax99
This is my homepage
This is my homepage
Posts: 143
Joined: Sun Feb 02, 2014 2:08 pm
Location: Florida
Contact:
Contact rymax99

Re: Locking a directory for downloads?

Post by rymax99 »

silentwisher wrote:
rymax99 wrote:
kraze wrote:Yes, we talk about how to do that here.
http://www.nfoservers.com/forums/viewto ... =19&t=6423
That tutorial is inaccurate. An index won't prevent people from getting the contents of a directory, for example you can recursively wget and get the contents of a directory.

For Apache, you simply add this in your .htaccess to prevent directory listing: 'Options -Indexes'.

In Nginx you use: 'autoindex off;' in your configuration file.

For keeping bots out such as search engines, you can block them via a robots.txt file to keep search engines from indexing it.
An example of a robots.txt file for keeping all search engines (that respect robots.txt, which are all major ones) would be:

Code: Select all

User-agent: *
Disallow: /downloads

Thanks for all this info. So just to make sure I did this right:

I put the robots.txt in the root and changed the /whatever to what it needs to be.

Also added an .htaccess file with 'Options -Indexes' in it in that wanted protected directory.
Is all that correct?
Correct. To test to make sure that /whatever is protected, simply access that directory (remove the index.html if it exists), and it should throw a 403 forbidden message.
Top
silentwisher
A semi-regular
A semi-regular
Posts: 20
Joined: Sat Jul 13, 2013 1:09 pm

Re: Locking a directory for downloads?

Post by silentwisher »

It throws a 500 Internal Server Error.
Top
doulos9
This is my homepage
This is my homepage
Posts: 200
Joined: Sun Sep 15, 2013 9:44 pm

Re: Locking a directory for downloads?

Post by doulos9 »

silentwisher wrote:It throws a 500 Internal Server Error.
That is more than likely to be a result of adding Options -Indexes to your .htaccess file. Comment it out and see if you still get the 500 error.
Top
User avatar
rymax99
This is my homepage
This is my homepage
Posts: 143
Joined: Sun Feb 02, 2014 2:08 pm
Location: Florida
Contact:
Contact rymax99

Re: Locking a directory for downloads?

Post by rymax99 »

The web server probably doesn't allow override, which would cause that error.
Top
silentwisher
A semi-regular
A semi-regular
Posts: 20
Joined: Sat Jul 13, 2013 1:09 pm

Re: Locking a directory for downloads?

Post by silentwisher »

rymax99 wrote:The web server probably doesn't allow override, which would cause that error.
Alright so support pointed out I had a extra character there. So now thats fixed. So for confirmation, as long as they dont have the link they cant find it basically?
Top
doulos9
This is my homepage
This is my homepage
Posts: 200
Joined: Sun Sep 15, 2013 9:44 pm

Re: Locking a directory for downloads?

Post by doulos9 »

silentwisher wrote:Alright so support pointed out I had a extra character there. So now thats fixed.
the smallest syntax error in your htaccess file will get you a Error 500: Internal Server Error.
Top
User avatar
rymax99
This is my homepage
This is my homepage
Posts: 143
Joined: Sun Feb 02, 2014 2:08 pm
Location: Florida
Contact:
Contact rymax99

Re: Locking a directory for downloads?

Post by rymax99 »

silentwisher wrote:
rymax99 wrote:The web server probably doesn't allow override, which would cause that error.
Alright so support pointed out I had a extra character there. So now thats fixed. So for confirmation, as long as they dont have the link they cant find it basically?
Correct.
Top
silentwisher
A semi-regular
A semi-regular
Posts: 20
Joined: Sat Jul 13, 2013 1:09 pm

Re: Locking a directory for downloads?

Post by silentwisher »

rymax99 wrote:
silentwisher wrote:
rymax99 wrote:The web server probably doesn't allow override, which would cause that error.
Alright so support pointed out I had a extra character there. So now thats fixed. So for confirmation, as long as they dont have the link they cant find it basically?
Correct.
Awesome! Well I appreciate all the help! :D 8)
Top
User avatar
rymax99
This is my homepage
This is my homepage
Posts: 143
Joined: Sun Feb 02, 2014 2:08 pm
Location: Florida
Contact:
Contact rymax99

Re: Locking a directory for downloads?

Post by rymax99 »

No problem.
Top
Post Reply

Return to “Webhosting”