This is a solution to mix public downloads and protected folders.
For this, you will need CCK, specifically CCK FileField and Content Permission. Also mod_rewrite should be enabld.
First, add a new file field to a content type, and configure its path to the directory that will be protected. For example, if /files/protected is the directory that will contain protected files, then you can either set that as the path or a folder within it.
If you have already set /files as your file system path, then there should be a .htaccess file created by drupal. You should copy that into each of the protected folders. If you don't, you may get 404 errors.
Open the .htaccess file in your root drupal directory, add the following line to the end of mod_rewrite rules:
RewriteRule ^files\/(protected\/.*)$ index.php?q=system/files/$1 [L,QSA]
Replace protected
with your top-level protected folder name. If you have other custom rewrite rules you should be more careful about where you put the above line. Putting it at the end works for me.
Lastly, on your 403 page, you can examine if user is requesting a file in a protected directory using request_uri()
and strpos()
.