The goal is to restrict direct browser access to all *.pdf various subfolders within a main folder. The subfolder names in which each pdf file reside are numeric only (characters 0-9; Eg. "work/books/112/myfile.pdf")

What I have so far is:

RewriteRule ^work/books/([0-9] )/\.pdf)$ [F,L,NC]

Where 'books' is my main folder and then whatever numeric folders in which pdf files reside, there are.

This doesn't seem to work and I am also unsure if while this rewrite rule prevents direct access of those pdf files, will I still be able to read the pdf files via php?

CodePudding user response：

The rule is missing the file's name part before the extension (.pdf), so the regular expression should be

^work/books/[0-9] /[^/] \.pdf

There's also no need for capturing any part, this means you may omit all the parenthesis, which are unbalanced in your example, btw.

Another part of a RewriteRule directive is the substitution, which may be just a dash in this case. So putting all together, it becomes

RewriteRule ^work/books/[0-9] /[^/] \.pdf$ - [F]

CodePudding user response：

As noted in @OlafDietsche's answer, you are not matching the myfile part of the requested URL in the regex, so the directive never matches.

You could avoid the use of mod_rewrite by using an Apache <If> expression with mod_authz_core. For example:

<If "%{REQUEST_URI} =~ m#/work/books/\d /[^/] \.pdf$#">
    Require all denied
</If>

or simply block direct access to all .pdf files on the server:

<Files "*.pdf">
    Require all denied
</Files>

prevents direct access of those pdf files, will I still be able to read the pdf files via PHP

Providing you're not making an HTTP request from PHP for these .pdf files then access will not be blocked.