Article: Defend Your Thank You Folders From URL Guessers

by Robert Plank

If you sell downloadable products, you're going to have a thank you page (a URL where the buyer is redirected after a sale). With just a couple lines of HTACCESS code you can make that folder airtight.

You shouldn't be putting a buyer through a mandatory signup process to download the product. They already paid, just give them the file right away and offer a chance to optin for updates later. Otherwise you'll be getting lots of support emails from people asking where the product is they just paid for.

It's always smart to name your thank you page something with a number a name like postorder735.html or thankyou9987.html will do. You just want to make this impossible to guess.

When it's possible I like to separate the sales page from the download, so I stash them in a folder called something like "download" or "order." Problem: If you have these separate folders, these URL guessers can see the contents of them.

The obvious solution is to put an index.html in the folder, which keeps its contents from being listed... but what if you have, say, 25 of these folders? Do you need 25 index.html files?

No, and that's where HTACCESS comes in. Open up a new text file in Notepad and put this text in exactly:

Options Indexes

Then save the file as: .htaccess (WITH that dot in front)

Upload it to the root of your web site. Now, if you try to view the contents of a folder that's missing an index.html file, your browser will show a "403 Forbidden" error.

Don't worry, this won't block out all files. It will simply keep a guesser from viewing a list of what files are in a given folder.

If you don't want to see that ugly generic Forbidden page, you can supply your own by adding this line to that .htaccess file of yours:

ErrorDocument 403 /sorry.html

Now you can put your message into a HTML file (maybe it could be a link to the main page of your site), put it into a file named sorry.html and upload it. Now you'll have a friendly notice that says anything you want.

One last bonus tip for you. If your forbidden message is extremely short, you don't even need to create a separate HTML document. If it's possible for your message to fit all on one line you can remove that ErrorDocument line above from your .htaccess file and put in something like this:

ErrorDocument 403 "Sorry...

I'm aware that there is a starting quote and no ending quote. That's just how you have to type it. If you put in a quote at the end there it would show up in your HTML document. I know it looks funny, but it works. Remember that "Sorry..." text is HTML so you could put in line breaks, links, bold tags, H1, H2 tags, and so on. It's all up to you.

About The Author

Robert Plank

Experienced PHP/JavaScript Tutor Solves 19 Of Your Most Frustrating Direct Response Sales Page HangUps

The above article may be copied as long as this resource box is included, You may rebrand the above URL with your Clickbank ID however.

This article was posted on March 27, 2005

Related Resources

The AdSense Kid Provides Customers With An Overview Of Google AdSense, And How To Make Money From Home With AdSense And Other Affiliates. Banners And Affiliate Tools Available On The Website.

Highly Acclaimed Powerful Adsense Ready Websites To Give You More Income... Top Converting Campaign With 75% Commission, Instant Download To Customer. Great And Unique Offer. Adsense Powered Sites Is Boosting The Internet.

Affiliates, Promote A Product Thats Converting Like Crazy! Everyone Wants To Make Money With Adsense. This Simple String Of Code Increases Adsense Click Through To 100%. This Is An Easy Sell To Adsense Publishers! Earn 45% Of Every Sale. $$ Conversion!

Article Library