How prevent direct access to PDF file

I am trying to protect a pdf file from direct downloading. I am using the PDF Embedder plugin to embed the PDF file - a first step into preventing its download. Then with JS I have disabled mouse right click, CTRL+ shortcuts. I inserted a redirection when the browser detects JS deactivated. I have found some "holes" in my method where someone could grab the link. So in my .htaccess I added

 RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost/ [NC] 
 RewriteRule \.(pdf)$ - [F,NC]

So if someone tries to access directly the pdf file gets a 403 error. It works but partialy. If I enter the URL directly I get a 403 error. If I load the page that contains the pdf file and then I use the URL directly, a pdf viewer tab appears with the DOWNLOAD option enabled. After a couple of reloads the cache gets emptied and the "server" kicks in getting a 403 error. What should I do in order to make the PDF appear using the plugin and prevent instantly the direct access to the file?

Topic content-restriction Wordpress

Category Web

1
answered at

You cannot at the same time allow access to file (via embedding) and disallow access to file. That's just not practical and you waste your time on holes.

The comment is quite right that you would need to stream file from protected location for working access control. Even then if client-side viewer has access to it then it's a non-issue to get the file itself out.

Note that WordPress core is completely engineered to reside in web–accessible location. Splitting some of the media from that and implementing streaming that a quick and trivial customization.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.