0

i have some indexed document files ( .doc , .docx and .pdf ) stored in a folder in the website.

when i type the full address of the file ( ex http://www.website.com/folder1/folder2/1.doc ) the visitor or any body who is viewing the website can easily download the file.

are there any way to prevent this. are there any configuration has to be done to the .htaccess file to prevent this from happening.

also if folder2 contains only document file, how can i prevent a listing of the files inside this folder in case apache stoped running.

thank you

bogha
  • 235
  • 4
  • 12
  • 1
    "how can i prevent a listing of the files inside this folder in case apache stoped running." <- If apache stops running, I think you're set. – R. Martinho Fernandes Jan 01 '10 at 17:57
  • it happend that the hosting company suddenly had some problems in thier server and apache stopped running. the folder that contains only the .doc .docx and .pdf list of files could be viewed by writing the full url of their directory in the address bar and the visitor could easily download these files becouse they were listed as a files under a directory – bogha Jan 01 '10 at 23:52

2 Answers2

1

You have indexed document files mean, you letting crawlers to fetch your files, but you don't want people typing exact URL and downloading it.

So, here is few examples

Welcome for Googlebot, but when there is no referer, reject it.

SetEnvIf User-Agent "Googlebot" welcome

SetEnvIf Referer "^$" reject

order Allow,Deny
Allow from env=welcome
Deny from env=reject

(Note:Referer can explicitly disable in web browsers, and there is still many other ways to get the files, instead of typing exact url in browsers.)

YOU
  • 481
  • 1
  • 6
  • 9
0

To prevent access to some specific files, using htaccess, you can write the following:

<files 1.doc>
 order allow,deny
 deny from all
</files>

inside your .htaccess, that is located in the directory that contains 1.doc.

If you want to prevent access to specific file types in general, you could use:

<FilesMatch "\.(doc|pdf)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

You can edit the list inside the parenthesis to fit your needs.

For more things you could do with htaccess, see the following: http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

Regarding the "how can i prevent a listing of the files inside this folder in case apache stoped running.", I'm not quite sure what you mean...if apache stops running, noone can access anything!

  • the .htaccess file now has the following Options All -Indexes Order Allow,Deny Deny from all but i still can download the files if i type the full address. – bogha Jan 01 '10 at 23:38