Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

htaccess file to restrict download of pdf files unless they are a registered user

Posted on 2010-11-23
7
Medium Priority
?
382 Views
Last Modified: 2012-05-10
I'm new to this. I want to make sure that my pdf files cannot be downloaded if someone just types that path to the pdf file in the browser.  I plan on restricting the link to the pdf files on my webpages in my php code.  

It sounds like I need to use an .htaccess file but I'm not sure how to write it.  Can anyone help me???

Thanks in advance...
0
Comment
Question by:ChampagneGal
  • 3
  • 2
  • 2
7 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34198785
Try this: any attempt to get .pdf files directly will be redirected to somesite you want.
RewriteEngine On
RewriteCond %{REQUEST_URI} \.pdf$ [NC]
RewriteRule (.*) http://somesite [L,R]

Open in new window

0
 
LVL 13

Expert Comment

by:dsmile
ID: 34198843
If you just want to show a 403 page, to any request on pdf file, then you can use this instead


<FilesMatch "\.(pdf)$">
order deny,allow
deny from all
</FilesMatch>

Open in new window

0
 
LVL 2

Accepted Solution

by:
benschwartz earned 2000 total points
ID: 34199777
The pattern I always follow is to keep protected files out of your document root. So the pdf could live next to httpdocs:

/var/www/httpdocs/
/var/www/pdf/

then you can have a "pdf downloader" script that you would use like "site.com/downloader.php?pdf=file.pdf" and would look something like:
   
    if ($isLoggedIn) {
        print file_get_contents("../pdf/" . $_GET['pdf']);
    } else {
        throw new Exception("Permission Denied");
    }

This will allow you to have custom permission checking & keep your pdfs safely out of the public eye
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Closing Comment

by:ChampagneGal
ID: 34200252
Thank you so much.  I did not know that was possible so I'm looking forward to trying this.
0
 

Author Comment

by:ChampagneGal
ID: 34200262
If I put my video files outside of the root will that keep people from being able to download them via Real Player?
0
 
LVL 2

Expert Comment

by:benschwartz
ID: 34200338
yeah, same principal - just proxy it through with php's file_get_contents()

If you run into trouble with the browser recognizing the file type, you may have to apply a mime type with the header function. You can also force the file to download as it's original name (and any number of other things) with the header function:

header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="downloaded.pdf"');

If you like, also look at "readfile()" as a file_get_contents() alternative.
0
 

Author Comment

by:ChampagneGal
ID: 34200368
Thanks, I'll try it tomorrow.  Happy Thanksgiving  :-)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question