Why can’t I force users to login to download a zip file from my website?

I have a directory which contains a zip file and a pptx (PowerPoint) file. In the directory is this .htaccess (regex?) code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.me.uk/ [NC]
RewriteCond %{REQUEST_URI} !hotlink.(pptx|ppt|pdf|zip|7z|rar|xls|xlsx|doc|docx) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*.(pptx|ppt|pdf)$ http://mydomain.me.uk/  [NC]

When a user puts in the direct URL for pptx file, they are correctly served a 404 unless they are logged in. For zip and 7z (7zip) files they can still download those files without being logged in, even though those file extensions are correctly listed (to block) in my .htaccess code.

Why doesn’t this code work for archived files?

Read more here: Why can’t I force users to login to download a zip file from my website?

Leave a Reply

Your email address will not be published. Required fields are marked *