Solved

.htaccess to stop users downloading pdf doc or xls

Posted on 2014-09-08
8
272 Views
Last Modified: 2014-09-28
Hi,

I am trying to achieve the following;

Stop users downloading files (pdf, doc, xls from wp-content unless they are logged into wordpress.

I have this in the wp-content folder inside .htaccess

<IfModule mod_rewrite.c>
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?729\.d38\.myftpupload\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]
</IfModule>

This is what I am trying to do.
Conditions to be met
1. If you are not logged into wordpress
2. If you referer is not my domain
3. If the requested file ends in .pdf .doc xls

Then give a 403

Else give the requested file

My result;
Page not found when logged in or not, it is like it is not seeing that I am logged in.

 Also in the root there is another .htaccess that contains;

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Any help would be appreciated

BW
0
Comment
Question by:bwilks99
  • 4
  • 3
8 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 40313557
You need to stop using direct links to the documents but rather use a plugin to provide data to logged in users.

It is not something that can be done via .htaccess without conflicting with other functionality.
I.e. Using allow,deny rules with require user. What this will do is have a user logged into wp also get prompted for credentials on access to documents.
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40313942
Hi, And thanks for the help.

Since I posted I did more testing (different host) and this works with standard CPanel hosting  as desired. The %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] way seams to very common way to do this.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

However I am sure you know more than I on this subject. Can you tell me the name of some plug-ins that would work?

Thanks

BW
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 40315919
0
 
LVL 61

Expert Comment

by:gheist
ID: 40340354
Delete documents...
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 4

Author Comment

by:bwilks99
ID: 40340596
Not sure what you mean "Delete documents..."?
0
 
LVL 77

Expert Comment

by:arnold
ID: 40340811
My interpretation of the suggestion is that it means remove the documents from where they are now since they can be accessed directly without login into WP.

It is not clear what your organization of data is so it is difficult to suggest alternatives that will get you to where you want to be.

Additional possible plug-in
https://wordpress.org/plugins/download-manager/

In short, you are looking for a Document manager that allows you to manage the access.

Trying to use this with .htaccess will necessitate the reliance on the webserver's authentication method rather than using a single WP signon/user manager.

Please look at the WP site for their available plugins and their description, and see whether a combination of several of them does what you are looking for.
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40348490
Hi Arnold,

I agree with your suggestions, here is where I am at now.

I moved to standard cpanel (same host) .htaccess is providing a working solution.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

I should use a plug-in to manage file permissions but how to close the questions?
0
 
LVL 77

Expert Comment

by:arnold
ID: 40348686
Next to each comment, there  are two options to accept the comment as a solution or accept multiple solution.
If there are multiple comments that helped, you should select the multiple option on the comment with the others selected as assisting. Here you will have the option to assign a portion of the total points to each.

If only one comment helped, check select the accept that comment as a solution.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Fine Tune your automatic Updates for Ubuntu / Debian
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now