This module uses token based authentication to secure downloads and prevent deep-linking. Have your script or servlet generate a token to authenticate the download and let Apache handle the file transfer without having to pipe it through a script for security. You can find downloads, daily snapshots and support information at http://www.synd.info/ USAGE The token is an hex-encoded MD5 hash of the secret password, relative file path and the timestamp. It is encoded onto the URI as: <uri-prefix><token>/<timestamp-in-hex><rel-path> For example /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt where the token is generated as md5("secret" + "/path/to/file.txt" + dechex(time_now())) with the following configuration in httpd.conf <Location /protected/> AuthTokenSecret "secret" AuthTokenPrefix /protected/ AuthTokenTimeout 60 </Location The actual file would be located in /protected/path/to/file.txt CREDITS Implementation ideas were taken from mod_secdownload for LIGHTTPD - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload