Solved

.htaccess to stop users downloading pdf doc or xls

Posted on 2014-09-08
8
283 Views
Last Modified: 2014-09-28
Hi,

I am trying to achieve the following;

Stop users downloading files (pdf, doc, xls from wp-content unless they are logged into wordpress.

I have this in the wp-content folder inside .htaccess

<IfModule mod_rewrite.c>
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?729\.d38\.myftpupload\.com/ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]
</IfModule>

This is what I am trying to do.
Conditions to be met
1. If you are not logged into wordpress
2. If you referer is not my domain
3. If the requested file ends in .pdf .doc xls

Then give a 403

Else give the requested file

My result;
Page not found when logged in or not, it is like it is not seeing that I am logged in.

 Also in the root there is another .htaccess that contains;

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Any help would be appreciated

BW
0
Comment
Question by:bwilks99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 40313557
You need to stop using direct links to the documents but rather use a plugin to provide data to logged in users.

It is not something that can be done via .htaccess without conflicting with other functionality.
I.e. Using allow,deny rules with require user. What this will do is have a user logged into wp also get prompted for credentials on access to documents.
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40313942
Hi, And thanks for the help.

Since I posted I did more testing (different host) and this works with standard CPanel hosting  as desired. The %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] way seams to very common way to do this.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

However I am sure you know more than I on this subject. Can you tell me the name of some plug-ins that would work?

Thanks

BW
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 40315919
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 62

Expert Comment

by:gheist
ID: 40340354
Delete documents...
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40340596
Not sure what you mean "Delete documents..."?
0
 
LVL 78

Expert Comment

by:arnold
ID: 40340811
My interpretation of the suggestion is that it means remove the documents from where they are now since they can be accessed directly without login into WP.

It is not clear what your organization of data is so it is difficult to suggest alternatives that will get you to where you want to be.

Additional possible plug-in
https://wordpress.org/plugins/download-manager/

In short, you are looking for a Document manager that allows you to manage the access.

Trying to use this with .htaccess will necessitate the reliance on the webserver's authentication method rather than using a single WP signon/user manager.

Please look at the WP site for their available plugins and their description, and see whether a combination of several of them does what you are looking for.
0
 
LVL 4

Author Comment

by:bwilks99
ID: 40348490
Hi Arnold,

I agree with your suggestions, here is where I am at now.

I moved to standard cpanel (same host) .htaccess is providing a working solution.

RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_FILENAME} \.(pdf|doc|xls)$ [NC]
RewriteRule . - [R=403,L]

I should use a plug-in to manage file permissions but how to close the questions?
0
 
LVL 78

Expert Comment

by:arnold
ID: 40348686
Next to each comment, there  are two options to accept the comment as a solution or accept multiple solution.
If there are multiple comments that helped, you should select the multiple option on the comment with the others selected as assisting. Here you will have the option to assign a portion of the total points to each.

If only one comment helped, check select the accept that comment as a solution.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question