.htaccess Trick To Proper Download Binary-Files

Posted at

Add this to the .htaccess at your website's root.
It will make sure binary files are
- fully supported on parallel and multi-download managers.
- explicit download-supported on older browsers.
- not sniffed for type (first few bytes).
- have proper name addition to Content-Disposition, even long names are supported.

the rule below includes a lot of extension
mostly I've extracted from 7Zip, WinRAR, WinZip, Adobe Audition and UltraISO.

it also prevents files from being executed from your website,
on client's desktop or mobile phone, especially XPI (Firefox extension) and CRX (Chrome extension)
which won't be jumping warnings from the browser (so you can finally host them safely).

naturally don't expand the rule below to web-extensions such as PHP, HTM, HTML, swf or JS otherwise your website file will suddenly be downloaded instead of being parsed..

old file-extensions such as vbs are recommended to being added, again this adds security measure, to prevent script execution (mostly from Internet-Explorer users) on their desktops.

<FilesMatch "\\.(?i:000|001|002|7z|7zip|ace|aif|ape|arj|ashdisc|au|avi|b5i|b5t|b64|b6i|b6t|bat|bhx|bif|bin|bwi|bwt|bz2|bzip|bzip2|c2d|cab|ccd|cda|cdi|cel|cif|cmd|command|cpio|cpx|cue|daa|dao|db|dbl|deb|dmg|dvd|dwd|fat|fcd|fla|flac|flp|gi|gz|gzip|hfs|hqx|iff|ima|img|iso|isz|jar|lcs|lha|lzh|lzma|m4a|mac|mdf|mds|mim|mp\\+|mp\\+\\+|mp1|mp2|mp3|mp4|mpc|mpg|mpp|ncd|nrg|ntfs|off|p2i|pcm|pdi|pxi|rar|raw|reg|rif|rpm|sam|smp|snd|sql|sql3|sqlite|squashfs|svx|swm|tao|tar|tar\\.md5|taz|tbz|tbz2|tgz|timg|tpz|txz|tz|uif|uue|vbs|vc4|vhd|voc|vox|wav|wim|wma|xar|xmd|xmf|xpi|xz|z|zip|zipx)$">

##optional - will force download, but will also make HTML5 resources for audio/video not-work no older browsers.
# <IfModule mod_mime.c>
# ForceType application/octet-stream
# </IfModule>

<IfModule mod_headers.c>
    ##fix a bug in old GoDaddy servers.
Header unset X-Content-Type-Options
Header unset Content-Disposition

    ##prevent mimetype sniffing (first few bytes can determine that a file should be opened in browser).
Header set X-Content-Type-Options "nosniff"

    ##extract filename, apply to proper (for example) Content-Disposition: attachment; file="my music.mp3"
SetEnvIf Request_URI "^.*/([^/]*)$" FILENAME=$1
Header set "Content-Disposition" "attachment;filename=\\"%{FILENAME}e\\""