Hey all, I'm looking for solutions/recommendations for protecting direct access to files from non-authenticated users.
I'm using a custom PHP/MySQL authentication where I have an include on every PHP page checking the users credentials (stored in a PHP session) and providing access. However, this isn't efficient for files such as images or videos that could be accessed directly by any user, effectively bypassing the PHP auth.
I've implemented an additional PHP script that serves our sensitive files from outside the web root, which works great, but I'm looking for a solution to protect these misc files inside the web root whether it be a PHP solution, mod_rewrite, Apache modules, etc.
Thanks in advance for your time!