[ic] Restricting access to PDFs

Peter peter at pajamian.dhs.org
Mon Jul 31 23:06:22 EDT 2006

On 07/31/2006 07:52 PM, Grant wrote:
> I'd like to limit the display of PDF files to admins.  I've put my
> PDFs in a directory below the docroot and set up apache2 to require
> authentication to access that directory.  The whole thing works fine,
> but I was wondering if there might be an IC way to do this?

IC can control who will get a link to the PDF on an IC page, but it's a 
lot more difficult to control who has access to the PDF apart from 
controlling with the web server.

One possible solution is to use mod_auth_tkt and issue an authentication 
ticket from IC only to authorised admins.  A usertag could be written to 
issue the ticket.  The downside to this approach is it requires cookies.

> Either way, is it possible to require an https request for the PDFs?

Yep, just put them in thier own directory outside of the normal webspace 
and put an Alias directive inside the <VirtualHost> section for your 
https setup.


More information about the interchange-users mailing list