How can I protect my Download Folders?
There are a variety of ways of protecting a directory from unauthorised downloading. The following notes descibe the solutions but it is only the last one that gives full protection. But it also creates a restriction when dealing with media files!
In general if a file is 'not chargeable' in say points or other mechanisms then the combination of the first two methods pus the Joomla! Access and Permission features are an excellent defence.
In this article two out of the three available protecton method use what is known as an '.htaccess' file. This file is used by the web site to enable control of many aspects, including access protection. It is not necessary to become familiar with the details of an .htaccess file except to understand that if there is an .htaccess file in a directory then the "commands" apply to the files in that directory and those files in the entire chain all the following sub directories. So typically an .htaccess file is placed in a root directory.
However an .htaccess file may be placed in one of these subdirectories to apply further conditions or to modify conditions set in an earlier .htaccess file.
1. Include index.html file
One of the simplest methods of protecting a directory and its contents is to include a file called either index.html or index.php. With this method if one makes a direct access to the folder then the browser will 'execute' the index file.
When a new Category is created by jDownloads then an index.html file is automatically inserted in the directory. The contents of this index.html file are typically as below
If executed this causes a white page on the screen.
2. Disallow "Indexes" using .htaccess file
Most web site hosts have the Indexes option deactivated as the default. But sometimes it is activated so visitors can browse to the download folders and see the files.
To disallow Indexes create a file in the jDownloads root folder with the name .htacces and include in it the single line:
3. Deny Access using .htaccess file
The above methods are effective but only if the user does not know the full filepath and file name of the file. If the user knows that information then a browser will still be able to download the file.
jDownloads recognises that in a Download with a media file if you have not provided a 'preview' then it will show the full media file from the normal download area. Importantly, jDownloads does not copy the media file to the preview directory. This is to both save space and also allow actual pre-views to be shown as described later.
Assuming temporarily there is no separate preview file associated with the Download, then the situation is summarised in the two pictures below. The one on the left is when protection is Yes, and the one on the right is when protection is No. This situation may be changed however when a preview file has been associated with the Download as described below.
If you do provide a separate preview file, generally a short clip, then all those actual previews are stored in a specific directory called ' _preview_files'. To allow these specific 'previews to be shown there is another variant of an .htaccess file that basically turns the protection off for that directory and its files.
So if you set 'Protect your Download-directory?' to Yes then another setting 'Unprotect Previews Directory?' is available. Setting this to Yes will then allow actual previews to be shown by inserting an .htaccess file that only 'unprotects' the preview directory and its files.
With 'Unprotect Preview Directory' also set to yes and there is an actual preview 'clip' then the preview will be shown.
The result is summarised in the table below.
Send over PHP
Actual Preview Shown
|No||No||Yes||Yes via Browser||Yes|
*It is assumed here that 'Unprotect Previews Directory?' is set to Yes.
**The file is protected from external 'download' attempts but downloading from internal PHP scripts is allowed.
- in Options -Global tab set 'Send over PHP' to Yes;
- in Options -Protection tab set 'Protect your Download Directory' to Yes;
- in Options -Protection tab set 'Unprotect Previews Directory?' to Yes.
Do not use the full media file as browsers allow the file being played to be downloaded!
Many media players provide 'clipping' facilities.
Colin Mercer, April 2019