Security – prevent the browser from downloading doc docx and pdf

.htaccessapache-2.2documentsSecuritywebsite

i have some indexed document files ( .doc , .docx and .pdf ) stored in a folder in the website.

when i type the full address of the file ( ex http://www.website.com/folder1/folder2/1.doc )
the visitor or any body who is viewing the website can easily download the file.

are there any way to prevent this. are there any configuration has to be done to the .htaccess file to prevent this from happening.

also if folder2 contains only document file, how can i prevent a listing of the files inside this folder in case apache stoped running.

thank you

Best Answer

You have indexed document files mean, you letting crawlers to fetch your files, but you don't want people typing exact URL and downloading it.

So, here is few examples

Welcome for Googlebot, but when there is no referer, reject it.

SetEnvIf User-Agent "Googlebot" welcome

SetEnvIf Referer "^$" reject

order Allow,Deny
Allow from env=welcome
Deny from env=reject

(Note:Referer can explicitly disable in web browsers, and there is still many other ways to get the files, instead of typing exact url in browsers.)

Related Topic