-1

I'm trying to block my direct pdf url but unfortunately my pdfs are accessible directly from the url. I have already edited my htaccess file, which is stored in /opt/bitnami/apps/wordpress/htdocs

And my pdfs are stored in /opt/bitnami/apps/wordpress/htdocs/wp-content/uploads/securepdfs

I have gone through these urls:

```
RewriteCond %{REQUEST_FILENAME} ^.*(pdf)$
RewriteRule ^(.*)$ /wp-content/download.php?file=$1 [L]
```

```
<?php
require_once('/path/to/wp-config.php');
require_once('/path/to/wp-includes/wp-db.php');
require_once('/path/to/wp-includes/pluggable.php');

if (!is_user_logged_in()) {
    // redirect to login page or show the message + login form
    die; // or exit, wp_redirect etc
}

header("Content-Type: application/octet-stream");

$file = $_GET["file"] .".pdf";
header("Content-Disposition: attachment; filename=" . urlencode($file));
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Description: File Transfer");
header("Content-Length: " . filesize($file));
flush(); // this doesn't really matter.
$fp = fopen($file, "r");
while (!feof($fp))
{
    echo fread($fp, 65536);
    flush(); // this is essential for large downloads
}
fclose($fp);
```


All pdf urls are publicly accessible:
https://abc/wp-content/uploads/securepdfs/2019/05/Testing-pdf-1.pdf
Felipe Augusto
Zain

2 Answers

0

You can use the code below in the .htaccess file to block directory access from the URL.

```
Options -Indexes
```

0

Bitnami Engineer here. One of our main goals is to configure Bitnami applications in the most secure way. For this reason, we moved the configuration in the .htaccess files to the main application configuration files and set the AllowOverride option to None by default.

The content of the .htaccess files has been moved to the /opt/bitnami/apps/wordpress/conf/htaccess.conf file. If you want to add new information, please follow these steps:

  • Add a new entry in the /opt/bitnami/apps/wordpress/conf/htaccess.conf file specifying the path where the htaccess file is (/opt/bitnami/apps/wordpress/htdocs/wp-content/uploads/securepdfs) and pasting the content of that file below it.

NOTE: CONTENT OF THE .htaccess FILE HERE is a placeholder; replace it with the content of the /opt/bitnami/apps/wordpress/htdocs/wp-content/uploads/securepdfs/.htaccess file created by the plugin.

```
...
<Directory "/opt/bitnami/apps/wordpress/htdocs/wp-content/uploads/securepdfs">
CONTENT OF THE .htaccess FILE HERE
</Directory>
```

  • Restart Apache to make the changes take effect:

```
sudo /opt/bitnami/ctlscript.sh restart
```

You can find more information in our documentation: https://docs.bitnami.com/aws/apps/wordpress/administration/use-htaccess/

Jota Martos
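
Once the rewrite rule is active in the `<Directory>` block, every PDF request reaches the download script with a request-controlled `file` parameter, so the script has to confine that path to the securepdfs directory. The following is an added example, not code from the question or from Bitnami, showing the login check together with that containment check. Assumptions: the script is saved as wp-content/download.php, WordPress's wp-load.php is one directory above it, and `file` carries a path relative to securepdfs such as `2019/05/Testing-pdf-1.pdf`.

```php
<?php
// Assumed location: wp-content/download.php (layout taken from the question).
require_once dirname(__DIR__) . '/wp-load.php'; // boots WordPress, including the login helpers

if (!is_user_logged_in()) {
    auth_redirect(); // sends the visitor to the login page and exits
}

// Only files below this directory may ever be served.
$base = realpath(__DIR__ . '/uploads/securepdfs');

// Path relative to securepdfs, taken from the rewritten URL.
$requested = isset($_GET['file']) ? (string) $_GET['file'] : '';

$path = false;
if ($base !== false && $requested !== '' && strpos($requested, "\0") === false) {
    // realpath() resolves "../" sequences and symlinks; it returns false
    // when the target does not exist.
    $path = realpath($base . '/' . $requested);
}

// The resolved path must still sit under $base, be a regular file and be a PDF.
$allowed = $path !== false
    && strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0
    && is_file($path)
    && strtolower(pathinfo($path, PATHINFO_EXTENSION)) === 'pdf';

if (!$allowed) {
    http_response_code(404); // same answer for "missing" and "outside the directory"
    exit;
}

header('Content-Type: application/pdf');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');

// Drop output buffers so large files stream instead of being held in memory.
while (ob_get_level() > 0) {
    ob_end_clean();
}
readfile($path);
exit;
```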