4

Here's the URL http://www.website.com/uploads/pvtimages/image.png

I don't want the image to be displayed to anybody, not even to me but can be downloaded

i...e <a href="http://www.website.com/uploads/pvtimages/image.png">Download</a> i..e only from a specific page (download.php)

I want all images in that folder to be protected.

Is it possible?? using php or .htaccess or both?

Dhruv Kumar Jha
  • 6,421
  • 8
  • 37
  • 48

3 Answers3

2

Yes, put the following header in your .htaccess file:

<Files image.png>
Header set Content-Disposition attachment
</Files>

Of course you can also send this header via PHP, but htacesss makes much more sense in this case. However, it only prevents it from being displayed in the browser. Everyone can download it knowing the link! You cannot really protect images unless you add something like password protection to your site.

You can prevent some hotlinking through referer checks though - but that's just to stop dumb webmasters from embedding your images.. it won't stop anyone who really wants your stuff. But if that's fine for you.. have a look at Allow/deny image hotlinking with .htaccess

Community
  • 1
  • 1
ThiefMaster
  • 310,957
  • 84
  • 592
  • 636
  • See my answer for how to protect things properly so that they can't be downloaded, as there *is* no valid link to the resource. – El Yobo Dec 03 '10 at 01:41
  • Great, how to block all the images in that folder from getting viewed? – Dhruv Kumar Jha Dec 03 '10 at 01:41
  • Simply get rid of the block around it. But **make sure you know what it does** - it does **not** add any security, it simply causes a download window to appear instead of the browser displaying the image. – ThiefMaster Dec 03 '10 at 01:42
1

I seem to be answering this question a lot lately... Look, if you don't want something accessed by URL, you don't need to use .htaccess, or PHP. Just don't put it inside the document root at all.

See my answer here, which explains the structure you should use. You can then use PHP to download it; my answer here explains how to download a file with PHP. Doing things this way is easier to maintain, easier to implement and more secure.

Note that this doesn't just apply to images, etc, but also to your PHP libraries and whatever else. Generally, I have one PHP file (e.g. index.php) in the document root, a little bit of CSS, JS and a few images. Everything else should generally be somewhere else.

Community
  • 1
  • 1
El Yobo
  • 14,823
  • 5
  • 60
  • 78
  • I don't think that answers the question. He does want the image to be downloadable. ThiefMaster's answer is more appropriate – Ben Dec 03 '10 at 02:16
  • I don't think you read my answer; it allows for downloading the image, but prevents it being downloaded directly by URL, which is exactly what he has asked for (being downloaded through download.php). – El Yobo Dec 03 '10 at 02:18
0

Add this to your .htaccess.

RewriteEngine On

RewriteRule ^(?:uploads/pvtimages)\b - [F,L]

Or of course get it out of your document root.

This means you will need to serve the image via PHP. Just readfile() and send correct headers.

alex
  • 479,566
  • 201
  • 878
  • 984