Solved

htaccess file to restrict download of pdf files unless they are a registered user

Posted on 2010-11-23
7
372 Views
Last Modified: 2012-05-10
I'm new to this. I want to make sure that my pdf files cannot be downloaded if someone just types that path to the pdf file in the browser.  I plan on restricting the link to the pdf files on my webpages in my php code.  

It sounds like I need to use an .htaccess file but I'm not sure how to write it.  Can anyone help me???

Thanks in advance...
0
Comment
Question by:ChampagneGal
  • 3
  • 2
  • 2
7 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34198785
Try this: any attempt to get .pdf files directly will be redirected to somesite you want.
RewriteEngine On
RewriteCond %{REQUEST_URI} \.pdf$ [NC]
RewriteRule (.*) http://somesite [L,R]

Open in new window

0
 
LVL 13

Expert Comment

by:dsmile
ID: 34198843
If you just want to show a 403 page, to any request on pdf file, then you can use this instead


<FilesMatch "\.(pdf)$">
order deny,allow
deny from all
</FilesMatch>

Open in new window

0
 
LVL 2

Accepted Solution

by:
benschwartz earned 500 total points
ID: 34199777
The pattern I always follow is to keep protected files out of your document root. So the pdf could live next to httpdocs:

/var/www/httpdocs/
/var/www/pdf/

then you can have a "pdf downloader" script that you would use like "site.com/downloader.php?pdf=file.pdf" and would look something like:
   
    if ($isLoggedIn) {
        print file_get_contents("../pdf/" . $_GET['pdf']);
    } else {
        throw new Exception("Permission Denied");
    }

This will allow you to have custom permission checking & keep your pdfs safely out of the public eye
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Closing Comment

by:ChampagneGal
ID: 34200252
Thank you so much.  I did not know that was possible so I'm looking forward to trying this.
0
 

Author Comment

by:ChampagneGal
ID: 34200262
If I put my video files outside of the root will that keep people from being able to download them via Real Player?
0
 
LVL 2

Expert Comment

by:benschwartz
ID: 34200338
yeah, same principal - just proxy it through with php's file_get_contents()

If you run into trouble with the browser recognizing the file type, you may have to apply a mime type with the header function. You can also force the file to download as it's original name (and any number of other things) with the header function:

header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');

If you like, also look at "readfile()" as a file_get_contents() alternative.
0
 

Author Comment

by:ChampagneGal
ID: 34200368
Thanks, I'll try it tomorrow.  Happy Thanksgiving  :-)
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question