How can I protect my Download Folders?
There are a variety of ways of protecting a directory from unauthorised downloading. The following notes descibe the solutions but it is only the last one that gives full protection. But it also creates a restriction when dealing with media files!
In general if a file is 'not chargeable' in say points or other mechanisms then the combination of the first two methods pus the Joomla! Access and Permission features are an excellent defence.
In this article two out of the three available protecton method use what is known as an '.htaccess' file. This file is used by the web site to enable control of many aspects, including access protection. It is not necessary to become familiar with the details of an .htaccess file except to understand that if there is an .htaccess file in a directory then the "commands" apply to the files in that directory and those files in the entire chain all the following sub directories. So typically an .htaccess file is placed in a root directory.
However an .htaccess file may be placed in one of these subdirectories to apply further conditions or to modify conditions set in an earlier .htaccess file.
Include index.html file
One of the simplest methods of protecting a directory and its contents is to include a file called either index.html or index.php. With this method if one makes a direct access to the folder then the browser will 'execute' the index file.
When a new Category is created by jDownloads then an index.html file is automatically inserted in the directory. The contents of this index.html file are typically as below
If executed this causes a white page on the screen.
Disallow "Indexes" using .htaccess file
Most web site hosts have the Indexes option deactivated as the default. But sometimes it is activated so visitors can browse to the download folders and see the files.
If Indexes are allowed, and the directory does not have either an index.html or an index.php file, then a browser will show the contents of the directory just like your filemanager would do as shown in the example opposite.
It simply shows the directory contents as a list with links to the actual file. That is they can be downloaded by the browser.
Deny Access using .htaccess file
The above methods are effective but only if the user does not know the full filepath and file name of the file. If the user knows that information then a browser will still be able to download the file.
jDownloads recognises that in a Download with a media file if you have not provided a 'preview' then it will show the full media file from the normal download area. Importantly, jDownloads does not copy the media file to the preview directory. This is to both save space and also allows actual pre-views to be shown.
- in - set 'Send Downloads using the PHP Script' to Yes;
- in - set 'Protect your Download Directory' to Yes;
- in - set 'Activate Hotlinking Protection' to Yes.
Do not use the full media file as browsers allow the file being played to be downloaded!