Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
Python, Lua and Tcl - public course schedule [here]
Private courses on your site - see [here]
Please ask about maintenance training for Perl, PHP, Java, C, C++, Ruby, MySQL and Linux / Tomcat systems
Protect Files

Posted by keith (keith), 22 March 2005

I want to host a load of PDF files on my site and allow people to access them only via my PHP Pages (when they are logged in). How can I protect these files from being directly linked by the user? I know mod_rewrite will do it by hiding the real folder but I am looking at .htaccess protection and PHP.

If however I password protect the folder using .htaccess, I get a dialogue box requesting 'username' and 'password' to get the PDF file.

I am using
header("location: pdf/product/".$prodrow['pdf']);

to get to the PDF file from my script.

Is there a way that PHP can access a .htaccess protected folder?

I am on a shared host, so cannot edit httpd.conf

Many thanks in advance.

Posted by admin (Graham Ellis), 22 March 2005
Keith,  you don't need to start "messing about" with .htaccess or anything like that - you can put the .pdf files in a totally different location to the document tree so that they don't have any URL of their own and feed them from the PHP script.

If you've got a copy of the Autumn 2004 issue of our "of course" newsletter, we use exactly this technique in the article on pages 18 and 19 that has a PHP script sending out a (random) image; if you've not got the article to hand you can download the newsletter via

Posted by keith (keith), 23 March 2005
Thanks Graham,
I will take a look at the article.

I'm not sure whether I can move them outside of the 'document tree' (web root I assume). As this is shared hosting
Do shared hosts normally offer space outside of the 'document tree' (web root)?
If so, maybe I should move away from our current one.

Posted by admin (Graham Ellis), 24 March 2005
On all the (paid) hosting services we use, it's possible for us to keep data without our area but not in the document tree, and I think this is common practise - documents in (say) an htdocs subdiretory, CGI in a cgi-bin directory, and other directories called things like logs and private and data that can be used for purposes such as I describe.   On free hosting services, you're likely to be more limited

This page is a thread posted to the opentalk forum at and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2018: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01225 708225 • FAX: 01225 793803 • EMAIL: • WEB: • SKYPE: wellho