You are not logged in.

#1 2013-06-18 22:39:22

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,480
Website

[SOLVED] password protected directory: allow downloads for valid user

I'm setting up a folder on my website with restricted access using .htaccess with the following:

AuthType Basic  
AuthName "Secure Site"  
AuthUserFile /path/to/.htpasswd
require valid-user

This works as intended: it requires a proper username and password to view the pages in that directory.  However, I put a link to a pdf document (also stored in that directory) in one of those pages, and I cannot download the pdf.  I'm not even prompted for another password, it just dowloads a copy of the "access denied" page.

This seems odd to me, as once logged in I can navigate to any of the pages in that directory and I do not need to reenter a password - but download links don't work.

I've been searching for documentation on whether I need something else in the htaccess file to allow for this - but either my google fu is weak, or there is not much out there.  Or most likely, the useful information is swamped out by countless pages that only describe the most basic scenario (I've now read many of these).

How can I allow users who have already provided a valid name and password to download a document such as a pdf?

EDIT:  I've just tried changing the target of the link to the pdf to http://username:password@domain.name/full/path/to/the.pdf, which I suspected would work, but I was hoping for something better - but even this didn't work.

EDIT: I just found that I *can* download the pdf as long as I right click and select "download linked file", but not if I left click or try to "open" the link.  For pdfs this seems browser specific: the pdf link works in firefox.  But .doc files do not work in either browser.  When I click on a link to a .doc file, I get the access denied error page.

EDIT: It seems links to document files give a 403 error regardless of whether they are in the secure folder or not - so this may not have anything to do wth the htaccess settings.

SOLUTION: for (&# sake, somehow *one* file out of several I uploaded to the server had it's permissions changed.  It didn't have read permission.

In case it helps anyone in the future - I've now found the server I use (apparently) removes read access from doc files automatically.  chmod'ing them does the trick until I can figure out how to disable this foolishness ... or until I can set up my own server to avoid such foolishness.

Last edited by Trilby (2013-06-19 21:11:45)


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Offline

Board footer

Powered by FluxBB