How to restrict access file from Apache Server?

Question

If I allow user to upload file, after user uploaded the file, the file will go to

wwww.someplace.com/public_file/... ....

So, everybody can get access the file. But I would like to make some restrictions on that. For example, I want to reduce the downloading speed for non-login users. How can I do that? Also, if I want to limit the user to get the files if he/she don't have a user right... ... For example, if some user upload to

wwww.someplace.com/secret_place/... ...

Only the user have some rights, can get access to this place... ...How can I do that? Should I do this in the web application and the Apache Server config too? Thank you.

Answer 1

For users you can split this between Apache and your application as I know most servers support using a database for authentication; Apache certainly supports many methods of authentication, you should find some useful info here: http://httpd.apache.org/docs/current/howto/auth.html

One thing to note is that if you were to do this exclusively in the application then it would be easily by-passable. You can restrict the download speeds for non-logged in users using traffic shaping.

Answer 2

Hi,

let’s consider that we want to deny access to all files with the extension .inc. In order to achieve this we will add the following configuration lines in the appropriate context (either global config, or vhost/directory, or from .htaccess):

Order allow,deny Deny from all

Similar to this we can deny access to whatever files we might need…