1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:52 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Banning IPs. - About mod_auth

A few how to implement questions.

         

geekay

6:07 pm on May 10, 2005 (gmt 0)

10+ Year Member



1) Banning IPs
Is it necessary to use the [F] flag (or other status flag) at the end of the RewriteRule? I would just prefer not to tell a person that he has been denied access.

Could someone please confirm if this code will correctly do what I want it to do: block IP ranges 111.222.1.1 to 111.222.3.255?

RewriteCond %{REMOTE_ADDR} ^111\.222\.1 [OR]
RewriteCond %{REMOTE_ADDR} ^111\.222\.2 [OR]
RewriteCond %{REMOTE_ADDR} ^111\.222\.3
RewriteRule .* -

2) mod_auth
Is there a way to password protect each file (WAV) in a directory with the help of mod_auth? On a html page there is a list of links to the WAV files in a separate directory. When you have provided the password for one file you can download all the other files without being asked for a password again. It obviously has something to do with the browser cache. Having to provide a password for every file would slow down at least some of the automatic mass downloading that bothers me.

In old versions of Apache null user names and passwords were allowed in mod_auth, but it looks like that's deprecated. Just hitting "Enter" for both user name and password would be OK, as the purpose is only to require a minimal human action each time a WAV file is downloaded. Any solution?

jdMorgan

9:06 pm on May 10, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You must either use the [F] flag, the [G] flag, or redirect the request to another resource.

mod_auth functions on a directory basis. Other methods are:

1) Serve the .wav files using a script that requires a cookie set by an 'authorization page' on your site (which could itself be password-protected).
2) Change the links to the .wav files once a week, day or hour, using php on the page that links to the .wavs, and then use mod_rewrite to rewrite to the real URLs when a request is received. See [webmasterworld.com...]
3) Implement a site-wide scripted password system.

Jim

geekay

1:58 am on May 11, 2005 (gmt 0)

10+ Year Member



My intention is definitely not to make the sound files or their URLs secret in any way. Any user name and password would be clearly published on the site for everybody. Something simple that would require a human to click each time a file is to be downloaded would be quite sufficient. That would turn off most of the lazy rippers.

Actually I wouldn't mind if a bot downloads all the huge files once in a while. But recently someone had a bot rip several different files within the same second, and not only that, each file was requested simultaneously six times. As soon as one request was completed the other five ongoinging requests for that file were cancelled (=206).

The Gone flag would be suitable. Is there anything else wrong with the above mod_rewrite?

jdMorgan

3:10 am on May 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You could compress it a bit, and make it apply only to .wav files: 

RewriteCond %{REMOTE_ADDR} ^111\.222\.[1-3]\.
RewriteRule \.wav$ - [G]

Jim
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:52 am May 2, 2026