Download folder in Web Root - preventing direct access to files

[nigelt74]

Ok we are moving hosts and the new host doesn't appear to allow folders anywhere but the webroot

Previously we had the downloads folder below the webroot and had redirect on.

All i want to do is prevent direct download from the download folder below is the current .htaccess file, but it doesn't seem to prevent direct access at all

Code:

#
# @copyright Copyright 2003-2011 Zen Cart Development Team
# @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
# @version $Id: .htaccess 18695 2011-05-04 05:24:19Z drbyte $
#

AuthType Basic
AuthName "No access"
AuthUserFile .htnopasswd
AuthGroupFile /dev/null
#Require valid-user


###############################
#
# This is used with Apache WebServers
#
# The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions
# It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled.
# Will also prevent people from seeing what is in the dir. and any sub-directories
#
# For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
# Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified. 
# Example:
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit Options Indexes
#</Directory>
###############################

# deny *everything*
<FilesMatch ".*">
  Order Allow,Deny
  Deny from all
</FilesMatch>

IndexIgnore */*


## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI

Failing that is there any need for the download folder to be called "download" if i were to change the name of it and the links to it in my config files would that offer some protection?

Thanks

[nigelt74]

Ok, I think it is working and this is probably only relevant to my hosting situation

I had to go into my hosting control panel and click a link that says "sync .htaccess" to get the .htaccess to work, from what i understand i have to do this whenever i alter an .htaccess file

[lhungil]

Deleted

[swguy]

Be sure to try an actual test of a file in your download directory using the URL of that file (to be sure it doesn't work).