Solved

htaccess file to restrict download of pdf files unless they are a registered user

Posted on 2010-11-23
7
373 Views
Last Modified: 2012-05-10
I'm new to this. I want to make sure that my pdf files cannot be downloaded if someone just types that path to the pdf file in the browser.  I plan on restricting the link to the pdf files on my webpages in my php code.  

It sounds like I need to use an .htaccess file but I'm not sure how to write it.  Can anyone help me???

Thanks in advance...
0
Comment
Question by:ChampagneGal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34198785
Try this: any attempt to get .pdf files directly will be redirected to somesite you want.
RewriteEngine On
RewriteCond %{REQUEST_URI} \.pdf$ [NC]
RewriteRule (.*) http://somesite [L,R]

Open in new window

0
 
LVL 13

Expert Comment

by:dsmile
ID: 34198843
If you just want to show a 403 page, to any request on pdf file, then you can use this instead


<FilesMatch "\.(pdf)$">
order deny,allow
deny from all
</FilesMatch>

Open in new window

0
 
LVL 2

Accepted Solution

by:
benschwartz earned 500 total points
ID: 34199777
The pattern I always follow is to keep protected files out of your document root. So the pdf could live next to httpdocs:

/var/www/httpdocs/
/var/www/pdf/

then you can have a "pdf downloader" script that you would use like "site.com/downloader.php?pdf=file.pdf" and would look something like:
   
    if ($isLoggedIn) {
        print file_get_contents("../pdf/" . $_GET['pdf']);
    } else {
        throw new Exception("Permission Denied");
    }

This will allow you to have custom permission checking & keep your pdfs safely out of the public eye
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Closing Comment

by:ChampagneGal
ID: 34200252
Thank you so much.  I did not know that was possible so I'm looking forward to trying this.
0
 

Author Comment

by:ChampagneGal
ID: 34200262
If I put my video files outside of the root will that keep people from being able to download them via Real Player?
0
 
LVL 2

Expert Comment

by:benschwartz
ID: 34200338
yeah, same principal - just proxy it through with php's file_get_contents()

If you run into trouble with the browser recognizing the file type, you may have to apply a mime type with the header function. You can also force the file to download as it's original name (and any number of other things) with the header function:

header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');

If you like, also look at "readfile()" as a file_get_contents() alternative.
0
 

Author Comment

by:ChampagneGal
ID: 34200368
Thanks, I'll try it tomorrow.  Happy Thanksgiving  :-)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article discusses four methods for overlaying images in a container on a web page
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question