htaccess configuration not configured correctly

Question

I have a directory structure: httpdocs/documents/folder1 httpdocs/documents/folder2 httpdocs/documents/folder3

etc in httpdocs/document I have a .ht access file:

RewriteEngine on
RewriteRule ^(.*).(PDF)$ fileopen.php

and in this folder I have fileopen.php

This file then opens pdf files in folder1 to folder3 depending on a $_Get request sent by a file request in the httpdocs folder.

I want the htaccess file to limit access to all folders but allow any pdf being requested by fileopen.php to be downloaded and opened. Is this possible cause I can't get it to work.

Answer 1

Try something like this:

RewriteEngine on
RewriteRule ^(.*).(PDF)$ fileopen.php?file=$1 [L]
RewriteRule ^(folder1|folder2|folder3) - [L,F]

Answer 2

Though it is possible to block it using mod_rewrite rules. I guess most simple and robust solution is to move folder1, folder2, folder3 outside DOCUMENT_ROOT.

Then you can have httpdocs and a new pdfdir at same level. pfdir can then contain folder1, folder2, folder3.

Something like this:

---> httpdocs/
----------> .htaccess
----------> fileopen.php
----------> documents/
---> pdfdir/
----------> folder1/
-------------------> foo.PDF
----------> folder2/
-------------------> bar.PDF
----------> folder3/
-------------------> baz.PDF

This way pdfdir and its contents are inaccessible from web and your index.php can still access them using fopen etc file functions.