How to limit the number of downloads of a file

Forum Moderators: phranque

Message Too Old, No Replies

How to limit the number of downloads of a file

Using .htaccess

MSDSoft

8:45 am on Feb 20, 2014 (gmt 0)

Hi all,

I am getting a lot of downloads of my files from China.

The downloads come from hundreds of different IP's, mainly from China, and seem to be made by bots.

As the number of IP's grow daily, I wonder if there is a way to limit the number of downloads of a particular file from a certain IP.

For instance, I want to limit the download of file setup.zip to only one download per week per IP.

Is this possible using .htaccess or any other means?

If not, what could I do to stop this download frenzy, because it is eating my ISP bandwith.

Thanks for your help.

lucy24

10:07 am on Feb 20, 2014 (gmt 0)

In .htaccess alone? Definitely no. Each request is an island, and the server has no memory. At a minimum you'd have to involve some php-or-equivalent and a database to track who has downloaded before. A cookie-based solution would probably be a waste of time, since anyone can delete cookies, and robots don't use them in the first place.

Why don't you just block China? A lot of problems go away when you exclude 1/6* of the world's population ;)

* Uhm, it is 1/6 now isn't it? I can distinctly remember when it was 1/4.

phranque

10:14 am on Feb 20, 2014 (gmt 0)

you would have to start using various bot blocking techniques.
there is an entire forum here dedicated to the subject.

Search Engine Spider and User Agent Identification:
http://www.webmasterworld.com/search_engine_spiders/ [webmasterworld.com]

MSDSoft

1:26 pm on Feb 20, 2014 (gmt 0)

Thanks for your answers.

Lucy24, I have blocked hundreds of IP ranges from China I found on the Internet, but not effective at all.

I am blocking the IP's that download the most, but new IP's arise every day.

Phranque, I will have a look at the forum you suggested. Thanks.

wilderness

2:19 pm on Feb 20, 2014 (gmt 0)

I have blocked hundreds of IP ranges from China I found on the Internet, but not effective at all.

I am blocking the IP's that download the most, but new IP's arise every day.

It appears to me that you are blocking specific-and-precise ranges down to the Class D IP, rather than broader ranges for entire providers as was suggested to you under the premise of "block China".

lucy24

10:59 pm on Feb 20, 2014 (gmt 0)

:: detour to htaccess ::

According to the text editor, I'm currently blocking 571 China ranges. I think at the outset I collected everything /14 and up to pre-seed the list; smaller ranges get added when they offend. By now it's probably down to /16. I only see three /17 or smaller. Plus, of course, things like PegTech that are China in all but name.

graeme_p

6:56 am on Feb 21, 2014 (gmt 0)

I think something like:

1) htaccess passes requests for downloads to script
2) script checks against an IP database (like MaxMind's - the slightly less accurate but good enough for most people one is free to use). If the IP is in change returns an appropriate error.
3) if its not in China, allows download.

I am not sure how best to to do the last step with Apache. With Lighttpd or Nginx I would use X-Sendfile. There is a mod_xsendfile for Apache, but I do not know how much difference it makes if you are using Apache pre-fork.

lucy24

8:45 am on Feb 21, 2014 (gmt 0)

The OP said htaccess, so I don't think adding Apache mods is much of an option. But once you're in a script, you don't really need htaccess for anything further. The script itself can either pass you quietly along to the download, or dump you on the appropriate error page. I don't think there's a category "476 -- from China" but you can always make something up.

Some of this depends on whether you're controlling access to a downloads page, or to individual downloads linked from that page.

graeme_p

8:53 am on Feb 21, 2014 (gmt 0)

I mentioned the mod because I do not know how BEST to return a file from a script with Apache

My main point is that an IP database is an easier option because you just update that one file once a month.

If no suitable HTTP code exists, you can always use 418 - I am a Teapot.

[tools.ietf.org ]