Protecting a single .exe-file for downloading with htaccess and htpasswd

.htaccessauthenticationhtpasswd

I have this, and only this, in a .htaccess file inside my downloads folder:

<FilesMatch "\.(exe)$">
  AuthType Basic
  AuthName "Downloads"
  AuthUserFile path/to/.htpasswd
  Require valid-user
</FilesMatch>

Once I click the link to download a href="fileName.exe">FileName</a>, I'm getting a 500 server error.

If I leave out the <FilesMatch>-part; The protection part is working, I guess, since I get the login box.
But once I get into the protected area, the 500 server error occurs.

What am I doing wrong here?

My intention was to protect only a single .exe file to prevent downloaded by anyone.

Is there any easier or more correct way of doing this?

Best Answer

If you didn't make a typo when asking firs line should be <FilesMatch ~ "\.(exe)$"> All info you can get from http://httpd.apache.org/docs/2.0

Related Solutions

Linux – How to disable hot linking and direct linking to files on the site

The problem with the first excerpt may be the RewriteRule line.

Where you have:

RewriteRule \.(mp3|pdf)$ - [F,NC,L]

perhaps you want:

RewriteRule .*\.(mp3|pdf)$ - [F,NC,L]

As is, I think you're matching the specific files '.mp3' or '.pdf'. You want to match 'foo.mp3' or 'bar.pdf' (for varying foo and bar).

On the second excerpt.. The start looks suspect. I don't know why you need the SetEnvIf and SetEnvIfNoCase combination. Perhaps try something like this:

SetEnvIf Referer "^http://(www\.)?mydomain.com/.*$" legit_referal
SetEnvIf Referer "^$" legit_referal
<LocationMatch "\.(pdf|mp3)$" >
   Order Deny,Allow
   Deny from all
   Allow from env=legit_referal
</LocationMatch>

Security – Where should I put the htpasswd file in a plesk domain for use with .htaccess

I usually place it in /etc/httpd/ if it's used by multiple vhosts, if only used by one domain then one dir above the webroot would do as well. You can place it in the webroot as well just make sure there's a rule denying access to files with it's naming convention(usually in place by default):

<Files ~ "^\.ht">
  Order allow,deny
  Deny from all
</Files>

Best Answer

Related Solutions

Linux – How to disable hot linking and direct linking to files on the site

Security – Where should I put the htpasswd file in a plesk domain for use with .htaccess

Related Topic