Solved

htaccess file to restrict download of pdf files unless they are a registered user

Posted on 2010-11-23
7
371 Views
Last Modified: 2012-05-10
I'm new to this. I want to make sure that my pdf files cannot be downloaded if someone just types that path to the pdf file in the browser.  I plan on restricting the link to the pdf files on my webpages in my php code.  

It sounds like I need to use an .htaccess file but I'm not sure how to write it.  Can anyone help me???

Thanks in advance...
0
Comment
Question by:ChampagneGal
  • 3
  • 2
  • 2
7 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34198785
Try this: any attempt to get .pdf files directly will be redirected to somesite you want.
RewriteEngine On
RewriteCond %{REQUEST_URI} \.pdf$ [NC]
RewriteRule (.*) http://somesite [L,R]

Open in new window

0
 
LVL 13

Expert Comment

by:dsmile
ID: 34198843
If you just want to show a 403 page, to any request on pdf file, then you can use this instead


<FilesMatch "\.(pdf)$">
order deny,allow
deny from all
</FilesMatch>

Open in new window

0
 
LVL 2

Accepted Solution

by:
benschwartz earned 500 total points
ID: 34199777
The pattern I always follow is to keep protected files out of your document root. So the pdf could live next to httpdocs:

/var/www/httpdocs/
/var/www/pdf/

then you can have a "pdf downloader" script that you would use like "site.com/downloader.php?pdf=file.pdf" and would look something like:
   
    if ($isLoggedIn) {
        print file_get_contents("../pdf/" . $_GET['pdf']);
    } else {
        throw new Exception("Permission Denied");
    }

This will allow you to have custom permission checking & keep your pdfs safely out of the public eye
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Closing Comment

by:ChampagneGal
ID: 34200252
Thank you so much.  I did not know that was possible so I'm looking forward to trying this.
0
 

Author Comment

by:ChampagneGal
ID: 34200262
If I put my video files outside of the root will that keep people from being able to download them via Real Player?
0
 
LVL 2

Expert Comment

by:benschwartz
ID: 34200338
yeah, same principal - just proxy it through with php's file_get_contents()

If you run into trouble with the browser recognizing the file type, you may have to apply a mime type with the header function. You can also force the file to download as it's original name (and any number of other things) with the header function:

header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');

If you like, also look at "readfile()" as a file_get_contents() alternative.
0
 

Author Comment

by:ChampagneGal
ID: 34200368
Thanks, I'll try it tomorrow.  Happy Thanksgiving  :-)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now