hosted by liquidweb

Go Back   Web Hosting Talk : Web Hosting Main Forums : Programming Discussion : Best Way to Protect Files?

Forum Jump

Best Way to Protect Files?

Reply Post New Thread In Programming Discussion Subscription
Send news tip View All Posts Thread Tools Search this Thread Display Modes
Web Hosting Evangelist
Join Date: Jan 2008
Location: England
Posts: 534
Originally Posted by Xantar View Post
Anywayz derailed it a bit.. But as previously poitned out, not looking for a PHP solutions, i think apache should able to do it, since i see alot of one click file sharing does this, the files are not necessary located at the download http link.
The vast majority of file sharing sites use one of the modules I mentioned earlier, or a custom module or server side language.

If the only reason why you don't want to use the modules I listed earlier is brute forcing, then you can use a 50 digit alphanumeric key that would never get bruteforced. You can also edit the code and add an extra hash (what our company did) which means that people will have no idea how the hash is made up, or even what algorithm it is, so then cant brute force it.

Sponsored Links
WHT Addict
Join Date: May 2009
Posts: 119
can it access different "folder" with that script?


Accessible via


Because i read your previous script, it only access if
SERVER/sercretfile/ is SERVER/download/sercretfile/

Web Hosting Evangelist
Join Date: Jan 2008
Location: England
Posts: 534
I only have experience using this nginx module (and I customized it a bit):

Which was discontinued when nginx came out with their official module which I listed in my previous post, and appears to do the same thing as the above 3rd party module.

We have it configured like so:
 secure_download                 on;
secure_download_secret          SECRETKEY$remote_addr;
secure_download_path_mode       file;
secure_download_fail_location   /fail.html;

root /home/files;
So, when we generate the link in php it looks like this:


We then redirect the user to that link. When the user arrives on the fileserver with the above link, if the url and auth hash checks out, they are served:


When someone goes to site.tld/folder/filename they are shown /fail.html. So the only way to access the file would be to, as you said, bruteforce the authhash. We use a very long secretkey plus a customized hash method so its extremely unlikely that it'll ever be bruteforced.

We offer many large files too, and found this to be the best option, and found nginx by far the best httpd to use in terms of performance.

Sponsored Links
WHT Addict
Join Date: May 2009
Posts: 119
Okay i have a check when i have some free time

Would be a lot better if there any other options in apache already does that with say .htaccess

Temporarily Suspended
Join Date: Mar 2012
Location: Saudi Arabia
Posts: 11
If you have CPanel, you can add any not public files on the root of your account where no public access beside public_html folder


Similar Threads
Thread Thread Starter Forum Replies Last Post
suPHP - Protect User's Files awells527 Hosting Security and Technology 5 11-10-2008 02:27 AM
how protect files rob2 Web Hosting 3 09-30-2007 10:43 AM
How to protect flash files? kioshi Hosting Security and Technology 5 02-23-2006 12:32 AM
Need to protect files from leetchers vpsfusion Programming Discussion 11 01-13-2006 02:42 PM
How do I protect files? WebBloom Hosting Security and Technology 3 11-01-2001 11:39 PM

Related posts from
Title Type Date Posted

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Log in with your username and password

Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Web Hosting News:
WHT Membership
WHT Membership



Welcome to

Create your username to jump into the discussion! is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.

(4 digit year)

Already a member?