I need to protect a .zip file from being downloaded w/o permission.
I would like to be able to provide a direct link to the .zip download to those who have access to the files.
<filesmatch .zip>
order deny, allow
deny from all
</filesmatch>
does not seem to work. It prevents direct links, but I am not sure how to provide the download now.
I would recommend placing the files in a separate directory. You can secure this directory with a password using basic authentication.
Your .htaccess will then be as follows:
AuthName "Log in to continue"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
<limit GET POST>
require valid-user
</limit>
Your .htpasswd should contain a line for every user that is allowed to authenticate:
test:R.NyWzK/TEEvo
(this is the line for username: test, password: test).
You can find .htpassword generators everywhere on the internet. For example:
I actually just used
<FilesMatch .zip>
order deny, allow
deny from all
</FilesMatch>
in addition to using this little PHP script when a user is authenticated
if($_POST['subDownload']){
if(file_exists('./photo_sets/photo_set_1.zip')){
$FileName = "./photo_sets/photo_set_1.zip";
header("Content-Type: application/x-zip-compressed");
header("Content-Length: " . filesize($FileName));
header("Content-Disposition: attachment; filename=\"$FileName\"");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
readfile($FileName);
}
seems to do the trick...