Solved

.htaccess to stop users downloading pdf doc or xls

Posted on 2014-09-08
Last Modified: 2014-09-28
Hi,

I am trying to achieve the following;

Stop users downloading files (pdf, doc, xls) from wp-content unless they are logged into WordPress.

I have this in the wp-content folder inside .htaccess

<IfModule mod_rewrite.c>
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?729\.d38\.myftpupload\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]
</IfModule>

This is what I am trying to do.
Conditions to be met
1. If you are not logged into WordPress
2. If your referer is not my domain
3. If the requested file ends in .pdf, .doc or .xls

Then give a 403

Else give the requested file

My result;
Page not found when logged in or not, it is like it is not seeing that I am logged in.

Also in the root there is another .htaccess that contains;

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Any help would be appreciated

BW
Question by:bwilks99
8 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 40313557
You need to stop using direct links to the documents but rather use a plugin to provide data to logged in users.

It is not something that can be done via .htaccess without conflicting with other functionality.
I.e. Using allow,deny rules with require user. What this will do is have a user logged into wp also get prompted for credentials on access to documents.
0
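The approach recommended in the comment above (hand documents out through WordPress rather than through direct links), written out as an added example; it is not code from this thread or from any particular plugin. The storage directory, the `protected_doc` query parameter and the `mod_` function names are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Members-only documents (added example, hypothetical)
 */

// Assumption: the documents were moved out of wp-content into a directory
// that Apache does not serve, here one level above the WordPress root.
define( 'MOD_DOCS_DIR', dirname( ABSPATH ) . '/protected-docs' );

add_action( 'init', 'mod_serve_protected_doc' );

function mod_serve_protected_doc() {
    // Hypothetical link format: https://example.com/?protected_doc=report.pdf
    if ( ! isset( $_GET['protected_doc'] ) ) {
        return;
    }

    // WordPress validates the session here; anonymous visitors are sent to
    // the login page and returned to this URL after signing in.
    if ( ! is_user_logged_in() ) {
        auth_redirect();
    }

    // Keep only a clean file name so the parameter cannot leave the folder.
    $name = sanitize_file_name( wp_unslash( $_GET['protected_doc'] ) );
    $ext  = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
    $mime = array(
        'pdf' => 'application/pdf',
        'doc' => 'application/msword',
        'xls' => 'application/vnd.ms-excel',
    );

    // Resolve symlinks and confirm the file really sits inside MOD_DOCS_DIR.
    $base = realpath( MOD_DOCS_DIR );
    $path = realpath( MOD_DOCS_DIR . '/' . $name );
    if ( ! isset( $mime[ $ext ] ) || false === $base || false === $path
        || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) || ! is_file( $path ) ) {
        wp_die( 'Document not found.', 'Not found', array( 'response' => 404 ) );
    }

    nocache_headers(); // keep shared caches from storing member-only files
    header( 'Content-Type: ' . $mime[ $ext ] );
    header( 'Content-Disposition: attachment; filename="' . $name . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    header( 'X-Content-Type-Options: nosniff' );
    readfile( $path );
    exit;
}
```

Because the files no longer live under the web root, there is no direct URL left for Apache to serve, and the login decision is made by WordPress itself.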
 
LVL 4

Author Comment

by:bwilks99
ID: 40313942
Hi, And thanks for the help.

Since I posted I did more testing (different host) and this works with standard CPanel hosting as desired. The %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] way seems to be a very common way to do this.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

However I am sure you know more than I on this subject. Can you tell me the name of some plug-ins that would work?

Thanks

BW
0
 
LVL 79

Accepted Solution

by:
arnold earned 2000 total points
ID: 40315919
0
 
LVL 62

Expert Comment

by:gheist
ID: 40340354
Delete documents...
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40340596
Not sure what you mean "Delete documents..."?
0
 
LVL 79

Expert Comment

by:arnold
ID: 40340811
My interpretation of the suggestion is that it means remove the documents from where they are now since they can be accessed directly without logging into WP.

It is not clear what your organization of data is so it is difficult to suggest alternatives that will get you to where you want to be.

Additional possible plug-in
https://wordpress.org/plugins/download-manager/

In short, you are looking for a Document manager that allows you to manage the access.

Trying to use this with .htaccess will necessitate the reliance on the webserver's authentication method rather than using a single WP signon/user manager.

Please look at the WP site for their available plugins and their description, and see whether a combination of several of them does what you are looking for.
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40348490
Hi Arnold,

I agree with your suggestions, here is where I am at now.

I moved to standard cpanel (same host) .htaccess is providing a working solution.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

I should use a plug-in to manage file permissions but how to close the questions?
0
 
LVL 79

Expert Comment

by:arnold
ID: 40348686
Next to each comment, there are two options: to accept the comment as a solution or to accept multiple solutions.
If there are multiple comments that helped, you should select the multiple option on the comment with the others selected as assisting. Here you will have the option to assign a portion of the total points to each.

If only one comment helped, select the option to accept that comment as a solution.
0
