BPS Pro Uploads Anti-Exploit Guard (UAEG) is blocking something about how the pdf download is being done. PDF file types are not blocked by UAEG in your /uploads folder by default so there must be some other WooCommerce js or php scripts involved in the download process that are being blocked.
Do the “RewriteEngine Off .htaccess File Method” in this forum topic: http://forum.ait-pro.com/forums/topic/uploads-anti-exploit-guard-uaeg-read-me-first/ The htaccess file goes in this folder: /woocommerce_uploads/
All files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.
1. Open Notepad or Notepad++ (NOT Word or WordPad) on your computer.
2. Add this one line of text in your new Notepad text file: RewriteEngine Off.
3. Save the text file with this name: securityoff.htaccess.
4. Upload the securityoff.htaccess file to the folder/directory where you want to turn security Off/prevent the parent .htaccess file from applying its security rules/directives in this folder. In this example case the folder would be: /wp-content/uploads/my-subfolder/.
5. Rename the securityoff.htaccess file to .htaccess (removing securityoff from the file name). /wp-content/uploads/my-subfolder/.htaccessAll files in the /my-subfolder/ folder will no longer be checked or blocked by UAEG.