Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

htaccess file to restrict download of pdf files unless they are a registered user

Posted on 2010-11-23
7
Medium Priority
?
378 Views
Last Modified: 2012-05-10
I'm new to this. I want to make sure that my pdf files cannot be downloaded if someone just types that path to the pdf file in the browser.  I plan on restricting the link to the pdf files on my webpages in my php code.  

It sounds like I need to use an .htaccess file but I'm not sure how to write it.  Can anyone help me???

Thanks in advance...
0
Comment
Question by:ChampagneGal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34198785
Try this: any attempt to get .pdf files directly will be redirected to somesite you want.
RewriteEngine On
RewriteCond %{REQUEST_URI} \.pdf$ [NC]
RewriteRule (.*) http://somesite [L,R]

Open in new window

0
 
LVL 13

Expert Comment

by:dsmile
ID: 34198843
If you just want to show a 403 page, to any request on pdf file, then you can use this instead


<FilesMatch "\.(pdf)$">
order deny,allow
deny from all
</FilesMatch>

Open in new window

0
 
LVL 2

Accepted Solution

by:
benschwartz earned 2000 total points
ID: 34199777
The pattern I always follow is to keep protected files out of your document root. So the pdf could live next to httpdocs:

/var/www/httpdocs/
/var/www/pdf/

then you can have a "pdf downloader" script that you would use like "site.com/downloader.php?pdf=file.pdf" and would look something like:
   
    if ($isLoggedIn) {
        print file_get_contents("../pdf/" . $_GET['pdf']);
    } else {
        throw new Exception("Permission Denied");
    }

This will allow you to have custom permission checking & keep your pdfs safely out of the public eye
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Closing Comment

by:ChampagneGal
ID: 34200252
Thank you so much.  I did not know that was possible so I'm looking forward to trying this.
0
 

Author Comment

by:ChampagneGal
ID: 34200262
If I put my video files outside of the root will that keep people from being able to download them via Real Player?
0
 
LVL 2

Expert Comment

by:benschwartz
ID: 34200338
yeah, same principal - just proxy it through with php's file_get_contents()

If you run into trouble with the browser recognizing the file type, you may have to apply a mime type with the header function. You can also force the file to download as it's original name (and any number of other things) with the header function:

header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');

If you like, also look at "readfile()" as a file_get_contents() alternative.
0
 

Author Comment

by:ChampagneGal
ID: 34200368
Thanks, I'll try it tomorrow.  Happy Thanksgiving  :-)
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question