Hi there,
I have installed Zen Cart as an addon via cPanel on an Australian Web Host. So far so good. This site is for my nephew in Perth who wishes to sell music (primarily in .mp3 format)
I have set up downloadable products and all went well until I came to clicking the Download button for a music file. There is no 'Save File As' dialog but instead the file opens up in the default music program and starts playing. Also, I have noticed that if I use a direct URL to the file I can access it - I want to secure this (download directoy) so this does not happen.
I have played with the .htaccess file in download directory to no avail. Any help would be much appreciated. Following is my current .htaccess file in downloads.
Thanks.
#
# @copyright Copyright 2003-2010 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 16111 2010-04-29 22:39:02Z drbyte $
#
AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
#Require valid-user
AddType application/octet-stream .mov
AddType application/octet-stream .avi
AddType application/octet-stream .mpg
AddType application/octet-stream .jpg
AddType application/octet-stream .mp3
###############################
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified.
# Example:
#<Directory "/usr/local/apache/htdocs">
# AllowOverride Limit Options Indexes
#</Directory>
###############################
# deny *everything*
<FilesMatch ".*">
Order Allow,Deny
Deny from all
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch ".*\.(zip|ZIP|gzip|pdf|PDF|mp3|MP3|swf|SWF|wma|WMA)$">
Order Allow,Deny
Allow from all
# tell all downloads to automatically be treated as "save as" instead of launching in an application directly
# (just uncomment the next 2 lines by removing the '#'):
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
IndexIgnore */*
## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI


Reply With Quote
