Forum Moderators: phranque
I have a directory on my site (containing pdf-s) to which access is controlled via an .htaccess file. When working correctly, users click on the download string, then the pdf is downloaded into a browser window.
Lately some authenticated users who are using a firewall are unable to download any of the pdf-s. This happens even when ad blocking is turned off. What happens is that when the user clicks on the download string, they get a blank window or an Action Cancelled error message.
At the moment I don't have any 'rules' in the .htaccess file. Is there a command I could include
that might fix this problem for requests coming via firewalls, routers etc?
Welcome to WebmasterWorld [webmasterworld.com]!
I'd like to know more about the nature of the "download string." If it is scripted, or if it refers to off-site content, that might be the cause of the problem. This sounds very much like you're unintentionally using a method that makes firewalls/security software "suspicious" and they are therefore blocking the request.
Jim
It is scripted. The content the file refers to is within my own site (but held in a .htaccess secured folder)
We use "javascript:openWin('')" which call for a php file that checks whether the requester is authorised user or not.
the openWin javascript function within the page looks like this
function openWin(filename)
{
open(filename,"centre");
//open(filename);
}
Appreciate your help with this
Teri
[edited by: jdMorgan at 5:26 pm (utc) on Feb. 19, 2004]
[edit reason] Fixed smiley in code [/edit]
This is not an issue I've dealt with before, but your script may be seen as a pop-up, and the days of pop-ups are coming to an end. Abuse has caused them to fall out of favor, and many new browsers and toolbars can be configured to block them.
Alternately, these newer browsers allow user-configurable restrictions on what client-side scripts are allowed to do. For example, you can set them to not allow windows to be resized, focused, hidden, or moved, etc.
I would suggest you look into a solution that does not require client-side scripting. I would guess that it should be possible to simply use an html link to go to the php authorization page, and then redirect from there to the download URL. Again, this is not my forte, but I don't see the need for client-side involvement.
About seven percent of all surfers habitually disable JavaScript; Make sure your site does not use it for any critical functions, or if it does, try to provide a workable <noscript> alternative.
Jim
I'd wondered, though, if the firewall problems might
be in some way be connected with our .htacess file.
I've read (I think in the general webmaster forum) that we might inadvertanltly be not allowing 'blank referrers' such as might be the case when a request comes via a firewall?
Teri
Jim
