LoginGet PDF Embedder

PDF Embedder Documentation

Documentation, Reference Materials, and Tutorials for PDF Embedder

Get access to
Powerful Features!

Mobile-Ready PDF Viewer

Secure PDF Sharing

Dynamic Watermark Protection

Track Document Performance

…and much more

Get PDF Embedder →

Serving protected PDF files under Caddy

This article is applicable to customers who are using the PDF Embedder Premium with the “Secure PDFs” option enabled.

As a reminder (more information is available here), when you enable this option, all PDF files will be stored in a special directory on your server with this path:

/wp-content/uploads/securepdfs/2025/01/file.pdf

When you use Apache, we automatically make all PDF files unavailable for direct access. This is possible because Apache exposes the a special .htaccess file that can configure its behavior on a per-directory basis.

Other servers, like Nginx and Caddy, can’t do that.

How to configure Caddy for Secure PDFs

You will need to modify you Caddy config file that defines the logic of how your site is loaded on a server. This file is usually called Caddyfile.

Below you can fine a snippet of the relevant part of the configuration (ported from Apache) that you should apply for your domain. Place it on the same level where your root directive is located.

handle_path /wp-content/uploads/securepdfs* {
	@allow_local {
		remote_ip 127.0.0.1
	}

	@allowed_files {
		path *.jpg *.png *.gif *.mp3 *.ogg
	}

	route {
		handle @allow_local {
			reverse_proxy http://127.0.0.1:6776
		}

		handle @allowed_files {
			respond "Allowed" 200
		}

		respond "Forbidden" 403
	}
}Code language: JavaScript (javascript)

Here is an official documentation of what and how you can configure your Caddy server using the Caddyfile.

How to check Caddy configuration is applied

First of all, make sure you saved the Caddyfile and then reload the Caddy server so the config is picked up by the server.

Next, check your shortcode or block that you used to embed the PDF file, it has a PDF URL, for example:

[pdf-embedder url="https://example.com/wp-content/uploads/securepdfs/2015/01/file.pdf"]Code language: JSON / JSON with Comments (json)

When you check the rendered shortcode or block on the front-end – you should see the PDF Viewer with all the options applied.

But when you try to access the PDF URL directly: https://example.com/wp-content/uploads/securepdfs/2015/01/file.pdf – you should see an “access denied” message via a 403 error generated by your server.

Still have questions? We’re here to help!

Submit a Support Ticket
Contact Us

Last Modified: