i'll give you an example,
the site is intranet only and uses SESSION based authentication
for illustration, let's say it works like this:
in the www folder we have a "site" folder and a "docs" folder
if you are logged into [
server] you can access [
server]
but the problem is anyone within the intranet can go directly to [
server]
and view the PDF
I thought perhaps that htaccess, using a referrer conditional statement could prevent direct access to the PDFs, unless the URL request originates from within the [
server]
Or, do I have this wrong?
Your method is just as welcome, ie users being unable to to directly access [
server]
unless they are authenticated -
just not sure how to achieve this in practice...
thank you