I'm pretty new to apache configurations, so hopefully this is an easy fix. I read the how-to on mod_security - very informative and very useful, but I need more specific help on this. What I'm trying to do is set up a downloads folder so that registered users of one of my sites can click on a link and download a file. I need to secure said folder from people not linking from the site (as the link will only appear for registered users). Is there a way to set up the conf file to apply security settings to a specific directory rather than the entire webhost? Is there a better way to accomplish this? I believe the directive that I'm looking for is Code: SetFilter !php Thanks in advance for the help, and let me know if you need more information.
You can place the directives between Code: <Directory /path/to/directory> ... </Directory> in your vhost configuration and restart Apache. http://httpd.apache.org/docs/2.0/mod/core.html#directory
Here's what I came up with Code: SetEnvIf Referer "http://www.domain.com/" site_referal <Directory /path/to/file> Order Deny, Allow Deny from all Allow from env=site_referal </Directory> If there's a better way to do this, I'd really like to know. As I said before, I really don't know what I'm doing, so I'm quite grateful.