I have a zip file in my JSP application for clients to access (password-protected by tomcat).
I also have a JSP that will detect the last time user tries to access, how many times they have accessed, etc. before it redirects user to the zip file. But this is the ideal case. There's no way to prevent user from accessing the zip file directly.
How do I make sure that the clients only will be able to access the zip file through the JSP page?