.htaccess - DENY direct download of file using php

Question

I have .doc and .zip files in download directory on my server. whoever visit my site page (download-file.php) only those user should be able to download these files and other should not.

I am trying to achieve above but no luck...

I am still able to put direct file address (http://example.com/sample.doc) in browser and I am able to download which I don't want..even someone else giving link to above file on any website then also download should not happen.

Could any one please share some idea..how i should achieve this.

Thank you in advance.

Answer 1

In the htaccess file in your document root, you can include these rules:

RewriteEngine On
# you can add whatever extensions you want routed to your php script
RewriteCond %{REQUEST_URI} .(doc|zip|pdf)$ [NC]
RewriteRule ^(.*)$ /download-file.php?filename=$1 [L]

Then in your download-file.php, you can display whatever you need to display and the download link, which your php script can just immediately serve the file using php's readfile() (see link for examples)