admin管理员组文章数量:1313802
I am trying to protect a pdf file from direct downloading. I am using the PDF Embedder plugin to embed the PDF file - a first step into preventing its download. Then with JS I have disabled mouse right click, CTRL+ shortcuts. I inserted a redirection when the browser detects JS deactivated. I have found some "holes" in my method where someone could grab the link. So in my .htaccess I added
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost/ [NC]
RewriteRule \.(pdf)$ - [F,NC]
So if someone tries to access directly the pdf file gets a 403 error. It works but partialy. If I enter the URL directly I get a 403 error. If I load the page that contains the pdf file and then I use the URL directly, a pdf viewer tab appears with the DOWNLOAD option enabled. After a couple of reloads the cache gets emptied and the "server" kicks in getting a 403 error. What should I do in order to make the PDF appear using the plugin and prevent instantly the direct access to the file?
I am trying to protect a pdf file from direct downloading. I am using the PDF Embedder plugin to embed the PDF file - a first step into preventing its download. Then with JS I have disabled mouse right click, CTRL+ shortcuts. I inserted a redirection when the browser detects JS deactivated. I have found some "holes" in my method where someone could grab the link. So in my .htaccess I added
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost/ [NC]
RewriteRule \.(pdf)$ - [F,NC]
So if someone tries to access directly the pdf file gets a 403 error. It works but partialy. If I enter the URL directly I get a 403 error. If I load the page that contains the pdf file and then I use the URL directly, a pdf viewer tab appears with the DOWNLOAD option enabled. After a couple of reloads the cache gets emptied and the "server" kicks in getting a 403 error. What should I do in order to make the PDF appear using the plugin and prevent instantly the direct access to the file?
Share Improve this question asked Oct 3, 2016 at 16:43 user12user12 11 silver badge2 bronze badges 3- Consider using EDD and its addon Free Downloads. – Nabil Kadimi Commented Oct 3, 2016 at 16:51
- 1 To prevent direct access to media you need to stream it to the browser from a location on disk not available to the web. If a file is available under the web root it can be accessed in some fashion. This is probably a job for a professional developer. – Andrew Bartel Commented Oct 3, 2016 at 17:32
- Just to play devils advocate if your PDF is visible on the screen then screen grabs can be obtained and converted with Optical Character Recognition so you can reduce the easiness of ability to download the file but cant stop it from being obtained if someone is determined. – Sam Commented Nov 25, 2019 at 22:20
1 Answer
Reset to default 1You cannot at the same time allow access to file (via embedding) and disallow access to file. That's just not practical and you waste your time on holes.
The comment is quite right that you would need to stream file from protected location for working access control. Even then if client-side viewer has access to it then it's a non-issue to get the file itself out.
Note that WordPress core is completely engineered to reside in web–accessible location. Splitting some of the media from that and implementing streaming that a quick and trivial customization.
本文标签: content restrictionHow prevent direct access to PDF file
版权声明:本文标题:content restriction - How prevent direct access to PDF file 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741936326a2405876.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论