Forum Moderators: phranque
on our server we have a directory containing pdf-files (and a .jpg for testing only) we want to protect: they should only be accessible when one clicks on a link to it on a certain page of our site.
i tried to do this with .htaccess
this is my file:
SetEnvIfNoCase Referer "^http://www.mysite.com/" allowed=1
<FilesMatch ".(jpg¦pdf)">
Allow from env=allowed
Order Allow,Deny
</FilesMatch>
this works perfectly for .jpg files, but for pdf-files there is a problem when one uses internet explorer. instead of the contents of the pdf file, i just get a white page. in netscape, mozilla, opera it works fine, also for the pdf files. any idea on what the problem is? or is there another way to accomplish the desired effect?
requesting a pdf file from mysite with InternetExplorer gives the following 2 entries in the access.log file
****.****.151.20 - - [02/Dec/2003:20:27:10 +0100] "GET /transp/sth.pdf HTTP/1.1" 200 72972 "http://www.mysite.com/test.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
xxx.xxx.151.20 - - [02/Dec/2003:20:27:10 +0100] "GET /transp/sth.pdf HTTP/1.1" 403 328 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
i hope anyone can help my out here. thanks.
However, before getting into the complication of creating a pdf error page to serve for those requests, it would be a good idea to make sure your server is properly identifying the MIME type of the html error file it is serving and not the pdf file that was requested. Use the Server header checker [webmasterworld.com] to verify this.
If there is a problem, using the AddType directive to specify the correct MIME-type may help.
Jim
i added addtype in the .htaccess file as follows:
AddType application/pdf pdf
SetEnvIfNoCase Referer "^http://www.mysite.com/" allowed=1
<FilesMatch ".(jpg¦pdf)">
Allow from env=allowed
Order Allow,Deny
</FilesMatch>
nothing changed though. when i request a pdf file from an allowed site, the filename appears in the title of the browser but the content stays white, only in IE. in other browsers, the acrobat reader starts and displays the file correctly.
any suggestions?
I doubt this is soley a server-side issue. However, it is usual to place the Order Allow,Deny directive beforethe Allow from and Deny from directives, and there is no need to assign the "allowed" variable a non-default value. Note also the regex cleanup in <FilesMatch>:
SetEnvIfNoCase Referer "^http://www.mysite.com/" allowed
<FilesMatch "\.(jpg¦pdf)$">
Order Allow,Deny
Allow from env=allowed
</FilesMatch>
Well, you could try allowing blank referers, since it appears that IE is supressing the refererer on the second request ahown in your log above:
SetEnvIfNoCase Referer "^$" allowed
SetEnvIfNoCase Referer "^http://www.mysite.com" allowed
<FilesMatch "\.(jpg¦pdf)$">
Order Allow,Deny
Allow from env=allowed
</FilesMatch>
HTTP_REFERER is not consistently propagated on the Web, and is therefore inherently unreliable.
Jim
