[ic] Restricting access to PDFs

Brian J. Miller brian at endpoint.com
Tue Aug 1 12:27:28 EDT 2006

Kevin Walsh wrote:
> Grant <emailgrant at gmail.com> wrote:
>>I'd like to limit the display of PDF files to admins.  I've put my
>>PDFs in a directory below the docroot and set up apache2 to require
>>authentication to access that directory.  The whole thing works fine,
>>but I was wondering if there might be an IC way to do this?
> The IC way to do things like that is to treat the files as "soft goods".
> The idea is that you create a randomly-named directory and symlink
> your file into there.  You can then provide a URI to your file without
> much chance of anyone guessing the path.
> The symlink setup can be gated using whatever Interchange-based
> authentication you deem appropriate.
> For an example, see the [enable-downloads] UserTag, on this page:
>     http://www.interchange.rtfm.info/downloads/usertags/index.html

Additionally you can use an actionmap combined with the [deliver] tag to
provide any file accessible on the local filesystem with whatever
privilege system you would like.

The [deliver] tag provides base functionality for sending the proper
Content-Type header and the raw file as is.


In page:

[page area="download/myfile.zip"]My file (zipped)</a>

In catalog.cfg:

ActionMap download <<EOR
sub {
    my @path = grep /\S/, split m:/+:, $_[0];
    my $spec = join('/', 'pages', @path[1..$#path]);
    Log("Calling 'deliver' with $spec");
    my $result = $Tag->deliver({ file => $spec });
    Log(sprintf('Returned %s', defined($result) ? $result : '(undef)'));
    return 1;

Then within the 'download' actionmap you can add any privilege checking
you wish before providing the file itself. We use this method on at
least one client site for handling soft goods.


Brian J. Miller
End Point Corp.

More information about the interchange-users mailing list