I have some files (mp4/pdf/etc..) that I want to deploy to my webserver, but I want access to be restricted so only users who have been authenticated can access them.
The server is running centos 7 with nginx and I have a MYSQL database as well. I understand how to authenticate users using PHP but I don’t know how to actually restrict the files from being accessed otherwise.
I expect to be able to provide authenticated users with some link to download the content, but any users who are not logged in will receive some error message.
Advertisement
Answer
Put the files outside the web server’s document root so they can’t be accessed directly by any user. Then create a download page in PHP that verifies your existing authentication, sets appropriate download headers, reads the file, and dumps the contents to the user.