How to prevent deep linking to files on my website
Don't provide a direct link to the file you are serving. Provide a script that sends the content through the script once you hit the submit button.
Do a web search for sending files through cgi.
Here is a neat link I found online: here
If you are using PHP, you can have a script that links the user to the download but only if the $_SERVER['HTTP_REFERER']
is from your site. If it is not you redirect to your site.
Your site is hosted by an Apache web server, so you should be able to do the following in your site's httpd.conf (or virtual host block)
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
RewriteRule ^/PublicFiles/ /page-about-direct-links.html
That is basically saying:
- Turn the mod_rewrite engine on
- If the HTTP Referrer is not blank…
- And doesn't contain my domain name (with or without “www.”)…
- Redirect any requests for anything under /PublicFiles/ to /page-about-direct-links.html
More information on mod_rewrite can be found here: mod_rewrite - Apache HTTP Server