Welcome to WebmasterWorld Guest from 3.226.251.205

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

disable hotlinking of pdf files with .htaccess

disable hotlinking of pdf files with .htaccess

     
1:08 pm on Dec 16, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 15, 2003
posts:3
votes: 0


hi all,

on our server we have a directory containing pdf-files (and a .jpg for testing only) we want to protect: they should only be accessible when one clicks on a link to it on a certain page of our site.
i tried to do this with .htaccess

this is my file:

SetEnvIfNoCase Referer "^http://www.mysite.com/" allowed=1

<FilesMatch ".(jpgpdf)">
Allow from env=allowed
Order Allow,Deny
</FilesMatch>

this works perfectly for .jpg files, but for pdf-files there is a problem when one uses internet explorer. instead of the contents of the pdf file, i just get a white page. in netscape, mozilla, opera it works fine, also for the pdf files. any idea on what the problem is? or is there another way to accomplish the desired effect?

requesting a pdf file from mysite with InternetExplorer gives the following 2 entries in the access.log file

****.****.151.20 - - [02/Dec/2003:20:27:10 +0100] "GET /transp/sth.pdf HTTP/1.1" 200 72972 "http://www.mysite.com/test.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
xxx.xxx.151.20 - - [02/Dec/2003:20:27:10 +0100] "GET /transp/sth.pdf HTTP/1.1" 403 328 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

i hope anyone can help my out here. thanks.

5:01 pm on Dec 16, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


It is possible that ie cannot handle the unexpected change for the requested MIME-type (application/pdf) to the error page MIME-type (text/html).

However, before getting into the complication of creating a pdf error page to serve for those requests, it would be a good idea to make sure your server is properly identifying the MIME type of the html error file it is serving and not the pdf file that was requested. Use the Server header checker [webmasterworld.com] to verify this.

If there is a problem, using the AddType directive to specify the correct MIME-type may help.

Jim

11:24 am on Dec 17, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 15, 2003
posts:3
votes: 0


thanks for your reply jim.

i added addtype in the .htaccess file as follows:

AddType application/pdf pdf

SetEnvIfNoCase Referer "^http://www.mysite.com/" allowed=1

<FilesMatch ".(jpgpdf)">
Allow from env=allowed
Order Allow,Deny
</FilesMatch>

nothing changed though. when i request a pdf file from an allowed site, the filename appears in the title of the browser but the content stays white, only in IE. in other browsers, the acrobat reader starts and displays the file correctly.
any suggestions?

7:49 pm on Dec 17, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


I haven't seen this problem, so I'm stumped, too.

I doubt this is soley a server-side issue. However, it is usual to place the Order Allow,Deny directive beforethe Allow from and Deny from directives, and there is no need to assign the "allowed" variable a non-default value. Note also the regex cleanup in <FilesMatch>:


SetEnvIfNoCase Referer "^http://www.mysite.com/" allowed
<FilesMatch "\.(jpgpdf)$">
Order Allow,Deny
Allow from env=allowed
</FilesMatch>

Jim
3:34 pm on Dec 19, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 15, 2003
posts:3
votes: 0


still no luck...
i keep on trying
5:50 pm on Dec 19, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


perfect_square,

Well, you could try allowing blank referers, since it appears that IE is supressing the refererer on the second request ahown in your log above:


SetEnvIfNoCase Referer "^$" allowed
SetEnvIfNoCase Referer "^http://www.mysite.com" allowed
<FilesMatch "\.(jpgpdf)$">
Order Allow,Deny
Allow from env=allowed
</FilesMatch>

This will reduce the protection of your pdfs and jpgs by allowing some improper access, but at least it does not block legitimate visitors.

HTTP_REFERER is not consistently propagated on the Web, and is therefore inherently unreliable.

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members