htaccess - Deny access to pdf files in folders

Question

The goal is to restrict direct browser access to all *.pdf various subfolders within a main folder. The subfolder names in which each pdf file reside are numeric only (characters 0-9; Eg. "work/books/112/myfile.pdf")

What I have so far is:

RewriteRule ^work/books/([0-9]+)/\.pdf)$ [F,L,NC]

Where 'books' is my main folder and then whatever numeric folders in which pdf files reside, there are.

This doesn't seem to work and I am also unsure if while this rewrite rule prevents direct access of those pdf files, will I still be able to read the pdf files via php?

Answer 1

As noted in @OlafDietsche's answer, you are not matching the myfile part of the requested URL in the regex, so the directive never matches.

You could avoid the use of mod_rewrite by using an Apache <If> expression with mod_authz_core. For example:

<If "%{REQUEST_URI} =~ m#/work/books/\d+/[^/]+\.pdf$#">
    Require all denied
</If>

or simply block direct access to all .pdf files on the server:

<Files "*.pdf">
    Require all denied
</Files>

prevents direct access of those pdf files, will I still be able to read the pdf files via PHP

Providing you're not making an HTTP request from PHP for these .pdf files then access will not be blocked.

Answer 2

The rule is missing the file's name part before the extension (.pdf), so the regular expression should be

^work/books/[0-9]+/[^/]+\.pdf

There's also no need for capturing any part, this means you may omit all the parenthesis, which are unbalanced in your example, btw.

Another part of a RewriteRule directive is the substitution, which may be just a dash in this case. So putting all together, it becomes

RewriteRule ^work/books/[0-9]+/[^/]+\.pdf$ - [F]