We have a RDP link on our website, which works great in IE (prompts download for the user as it should). However, if a user attempts to access the link in Chrome or FireFox, the file content is displayed instead of forcing download.
I've added proper content-type and content-disposition headers and also added the mime types within HTACCESS (AddType application/x-rdp rdp), but have had no luck forcing the download. Any suggestions?
Download link: http://www.drivecms.com/uploads/city-commercial.com/2100236394CityCom%20TS01.RDP
An AllowOverride directive somewhere in your web server’s configuration, or in the .htaccess file of a parent directory might prevent you from changing MIME types via htaccess files.
Related
Example.
I have a file site.com/file.html
As expected, I can see file under link site.com/file.html
But unexpectedly I see it under link site.com/file as well. So no extension URI shows, if exists, file with .html extension as far as I can see.
How can I omit this ?
To be closer to real life my PHP application URL site.com/file is overridden by the HTML file placed in the root. Apache doesn't reach my PHP URL, but shows the HTML page. If I remove the HTML file, then PHP-driven url fires. But I must have that .html file there present.
For now I have ended up with Options -MultiViews in .htaccess
So it seems I have enabled MultiViews by default and it works that way I don't need:
The effect of MultiViews is as follows: if the server receives a request for /some/dir/foo, if /some/dir has MultiViews enabled, and /some/dir/foo does not exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements.
https://httpd.apache.org/docs/current/content-negotiation.html
But I don't see or understand any side-effects for now.
If someone has a better answer, please post.
i have some problem with .htaccess file.
For prevent download or print of pdf documents , i am using PDF.js for reading contents.
Now i want to disable direct http connection to those files.
Inside the pdf.js folders, i put a directory called "doc", that contains all items and this .htaccess:
Order allow,deny
Deny from all
<Files ~ "viewer\.html$">
Allow from all
</Files>
Where viewer.html is the page that contains the documents reader.
So, when i try access from my browser to
localhost:8080/test/pdfjs/web/viewer.html?file=doc/mondia.pdf
i get:
Unexpected server response (403) while retrieving PDF "../test/pdfjs/web/mondia.pdf"
Where i am wrong?
If PDF.js is running inside the user's web browser, then the user needs to be able to download the PDF document. Apache can't (reliably) tell the difference between "PDF.js on the user's computer" and "Google Chrome on the user's computer" - both are HTTP requests from the user's computer for the resource.
If you really wanted to, you might be able to detect some header set by PDF.js when it requests the PDF, and refuse requests without that header. That would stop casual users directly accessing the file, but anyone who presses F12 in their browser could see the PDF being downloaded by PDF.js and save the contents from there.
Even if you served it in some form other than PDF, the user could copy and paste the resulting HTML, or take a screenshot of how it renders to the screen.
Stopping a user doing something with their own computer is fundamentally hard; if they can read something on their screen, you have sent it to them in some form. To really block them, you need a trusted "DRM" encryption system that renders directly to screen without ever making decrypted data accessible to the user. In the vast majority of cases, that would be completely overkill, and just annoy your users (for instance, blind users probably won't be able to access the content, as their screen reader software will not be trusted).
You can try with this plugin
https://it.wordpress.org/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/#description
or similar,
DRM is the best solution for wordpress site.
Or try with this header in pdf-js
How to set range header from client with pdf.js?
Please edit the .htacess file present in Vtiger_root_location/storage
add 'pdf' option as follows:
Is there any way to set up IIS in a way that no file can be downloaded? (without xml configuration and using the IIS UI only).
I know I can remove all mime-types but that is inconvenient, I'm looking for a better option.
You cannot stop of css or js as the server cannot differentiate between a normal
request and a download request when it comes to css or js.
Say you have a CSS or js included in your webpage any html page .This css file will need to be downloaded by the browser.So at server side(IIS) you cannot differentiate a normal download request or browser request. You can deny the download request if the referrer is not matching.For example if someone take sthe URL and directly copying and pasting it in another browser,the referrer header will not be present.Similarly if someone else hotlink to your resources(css,js files),you can stop that too.
By deny download based on Referrer using URLRewrite
When you're writing the manifest.json file, you have to specify matches for your content scripts. The http and https work fine, but if I try to include chrome://*/* or any variant of it, I get an error that I'm attempting to use an invalid scheme for my matches.
Is it not allowed?
By default you cannot run on a chrome:// url page.
However, there is an option in chrome://flags/#extensions-on-chrome-urls:
Extensions on chrome:// URLs (Mac, Windows, Linux, Chrome OS, Android)
Enables running extensions on chrome:// URLs, where extensions explicitly request this permission.
You still have to specify pages that your extension can run on and wildcards are not accepted - so you have to specify the full URL eg chrome://extensions/
The authorized schemes for matches are http, https, file, ftp.
Therefore, chrome is not a valid scheme.
Yes, it is not allowed. You can't link to them from hrefs on a webpage either.
I've installed a Joomla 1.6 template, and everything is working fine except 1 thing.
I have uploaded some .pdf-files somewhere in the file system and people who visit the site can view or download these pdf-files, but when I click on the link or trying to right-click and "Save as target" I get an error message like this:
Forbidden
You don't have permission to access
/path/filename.pdf on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request. Apache mod_fcgid/2.3.6
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server
at website Port 80
I've logged in as administrator and checked if I found anything that denies access to files with .pdf extension, but all I found was that it seems like a .htaccess-file is being created in the same folder as the .pdf-files just after I'm trying to open them in my browser.
The content of the .htaccess file that is being created is this:
deny from all
I have also tried to edit this files content to "allow from all", and tried to delete it too, but Joomla is just changing it back.
Anyone know why or what that prevents me from viewing or downloading the pdf-files?
If it's a UNIX/Linux server you can FTP in with a client that shows permissions like FileZilla. It's probably the permissions associated with the parent folder cascading down to these files. Try to see if you can upload an image to the images folder and if you can save it the same way you're trying to save the PDFs. If downloading the image to your machine works, I would then look at the permissions settings. If you're not sure which permissions to look for, check out this: http://www.tuxfiles.org/linuxhelp/filepermissions.html
Usually a client can download/view files with permissions of 644 or higher.