Author Topic: Prevent direct access to Downloads  (Read 149 times)

0 Members and 1 Guest are viewing this topic.

Offline eric

  • Newbie
  • *
  • Posts: 2
Prevent direct access to Downloads
« on: 28.06.2018 23:19:57 »
Is there a common way to prevent users from bypassing the joomla/jdownloads permissions if they know the External File Link?

« Last Edit: 29.06.2018 10:37:24 by ColinM »

Offline ColinM

  • Moderator
  • *
  • Posts: 3.713
Re: Prevent direct access to Downloads
« Reply #1 on: 29.06.2018 10:35:08 »
Yes there is.
Set 'Protect your Download-directory?' to yes.  This adds an .htaccess file in the jD root directory that prevents direct access as the jd Root directory must appear in a direct link.
This .htaccess file consists of the statements:
'Options -Indexes' - which prevents it being shown as a directory,
and 'deny from all' which stops any external access.
Note the restricions however for videos and also if you do not use 'Send Downloads over PHP Script'.

Another security item is 'Activate Hotlinking protection?'  This basically stops other web sites using your site to download a file, typically used for images and the like. This may cause your site a problem if you use absolute referencing (eg http://www.yoursite.com/myimages/image.png) instead od relative referencing (eg /myimages/image.png).

'Block when the Browser does not send a Referrer?' is also useful.

EDIT I have split into a new topic with a more relevant title  Colin
« Last Edit: 29.06.2018 10:42:51 by ColinM »