Hello, I am using PHP to allow users to upload files, and I have them sitting in a folder outside the webroot (/var/www) for security reasons. It is in the folder /var/uploads. A user uploads files for specific records. Once the uploaded files are moved to the uploads folder, the address of the attachment is stored in the database. Now whenever a user checks the record, attachments for the specific record are going to be displayed for download.

Since they are out of the webroot, I am unable to get them downloaded as they would have a url of

http://localhost/var/uploads/attachment.txt

Do we have a solution, or should downloadable folders be child directories of the webroot?

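<?php
// Connect with mysqli (the mysql_* extension was removed in PHP 7).
$con = mysqli_connect("localhost", "id", "pass", "db");
if (!$con) {
    die('Could not connect: ' . mysqli_connect_error());
}

$result = mysqli_query($con, "select * from attachments");

// Column 2 is used as the link target, column 3 as the text next to the link.
// Both are HTML-escaped before being written into the page.
while ($row = mysqli_fetch_array($result)) {
    echo '<a href="' . htmlspecialchars($row[2]) . '" target="_blank">Download</a>--'
        . htmlspecialchars($row[3]) . '<br>';
}

mysqli_close($con);
?>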

is the code I am using. The folder's owner is www-data:/ or the web server. So there should be no access issues.

+4  A: 

Use

  • a symlink pointing to /var/uploads (tutorial here)

  • an Apache Alias directive `Alias /uploads /var/uploads` (must be in httpd.conf)

  • or a proxy PHP script that accepts a GET variable filename=upload.jpg and fetches the file e.g. using fpassthru()

The latter is the least preferable option because it is resource intensive, but sometimes it's the only alternative. It also needs proper securing to prevent an attacker from getting other files on your server through the proxy.

Pekka
What is a symlink?? I am a newbie to uploads and downloads! Don't mind
macha
@sai do you have access to your server? Root access?
Pekka
Despite system overhead, the latter does have a distinct advantage. Keeping everything inside of your script gives you more control so you can edit the contents before sending them or verify user credentials before sending the file.
steven_desu
@Yes I do have root access to the server.
macha
Also why would I have to put an alias for uploads?
macha
@sai I added a Wikipedia link and tutorial link to the question. An alias would be another way to map `domain.com/uploads` to `/var/uploads`
Pekka
@pekka I am working on ubuntu, and have apache2.conf file and I have added this like "Alias /uploads /var/uploads". Is this the way alias is added?
macha
@sai if you added it in the VirtualHost directive, it should work - try it out.
Pekka
@pekka I am unable to get those files when I do this "http://localhost/uploads". Am I making some mistake?
macha
@sai impossible to tell. Probably worth a new question with more details
Pekka
A: 

You can, just have a PHP file that echoes the contents of the file to the response, and set the mime-type appropriately.

Ziplin
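
The proxy-script approach both answers describe, written as an added example that is not part of either answer. It assumes the /var/uploads directory and the `filename` GET variable mentioned above; the script name `download.php` and the helper `resolve_upload()` are hypothetical. It confines requests to the upload directory and always sends the file as a generic attachment rather than a per-file mime-type.

```php
<?php
// Added example (hypothetical script): download.php?filename=attachment.txt
// Assumption: uploads live in /var/uploads, as in the question.
const UPLOAD_DIR = '/var/uploads';

/**
 * Map a user-supplied name to a real file directly inside $baseDir.
 * Returns null if the file is missing or resolves outside that directory.
 */
function resolve_upload(string $name, string $baseDir = UPLOAD_DIR): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // basename() drops any directory part ("../../etc/passwd" -> "passwd");
    // realpath() then resolves symlinks so the final location can be checked.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still start with the upload directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Check the user's login and their right to this record here
// (application-specific, not shown).

$name = $_GET['filename'] ?? '';
$path = is_string($name) ? resolve_upload($name) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

// Serve as an opaque attachment so the browser never renders uploaded content.
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));

$fh = fopen($path, 'rb');
fpassthru($fh);
fclose($fh);
```

Looking the attachment up by its database ID instead of accepting a file name removes the user-controlled path entirely; the containment check is still worth keeping in case a stored path is wrong.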