Solved

.htaccess to stop users downloading pdf doc or xls

Posted on 2014-09-08
8
265 Views
Last Modified: 2014-09-28
Hi,

I am trying to achieve the following;

Stop users downloading files (pdf, doc, xls from wp-content unless they are logged into wordpress.

I have this in the wp-content folder inside .htaccess

<IfModule mod_rewrite.c>
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?729\.d38\.myftpupload\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]
</IfModule>

This is what I am trying to do.
Conditions to be met
1. If you are not logged into wordpress
2. If you referer is not my domain
3. If the requested file ends in .pdf .doc xls

Then give a 403

Else give the requested file

My result;
Page not found when logged in or not, it is like it is not seeing that I am logged in.

 Also in the root there is another .htaccess that contains;

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Any help would be appreciated

BW
0
Comment
Question by:bwilks99
  • 4
  • 3
8 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 40313557
You need to stop using direct links to the documents but rather use a plugin to provide data to logged in users.

It is not something that can be done via .htaccess without conflicting with other functionality.
I.e. Using allow,deny rules with require user. What this will do is have a user logged into wp also get prompted for credentials on access to documents.
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40313942
Hi, And thanks for the help.

Since I posted I did more testing (different host) and this works with standard CPanel hosting  as desired. The %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] way seams to very common way to do this.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

However I am sure you know more than I on this subject. Can you tell me the name of some plug-ins that would work?

Thanks

BW
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 40315919
0
 
LVL 61

Expert Comment

by:gheist
ID: 40340354
Delete documents...
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 4

Author Comment

by:bwilks99
ID: 40340596
Not sure what you mean "Delete documents..."?
0
 
LVL 76

Expert Comment

by:arnold
ID: 40340811
My interpretation of the suggestion is that it means remove the documents from where they are now since they can be accessed directly without login into WP.

It is not clear what your organization of data is so it is difficult to suggest alternatives that will get you to where you want to be.

Additional possible plug-in
https://wordpress.org/plugins/download-manager/

In short, you are looking for a Document manager that allows you to manage the access.

Trying to use this with .htaccess will necessitate the reliance on the webserver's authentication method rather than using a single WP signon/user manager.

Please look at the WP site for their available plugins and their description, and see whether a combination of several of them does what you are looking for.
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40348490
Hi Arnold,

I agree with your suggestions, here is where I am at now.

I moved to standard cpanel (same host) .htaccess is providing a working solution.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

I should use a plug-in to manage file permissions but how to close the questions?
0
 
LVL 76

Expert Comment

by:arnold
ID: 40348686
Next to each comment, there  are two options to accept the comment as a solution or accept multiple solution.
If there are multiple comments that helped, you should select the multiple option on the comment with the others selected as assisting. Here you will have the option to assign a portion of the total points to each.

If only one comment helped, check select the accept that comment as a solution.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now