Forum Moderators: phranque
What I would like to know is if there is any way I can use htaccess to only accept file requests coming from my web server.
Our file-server is in California, while our web-server is in Georgia. So up until now we have been using htaccess and referrer checks to keep outsiders out of our file collection.
However, I did some testing, and it is possible to spoof referrer information using programs like FlashGet. I tried blocking FlashGet, but it doesn't use "FlashGet" as its user-agent anymore, so that is of no use.
I was wondering if there is any way I can uniquely identify my web-server to my file-server, so that it only accepts file requests from it.
Thanks
[edited by: Karnac at 8:21 pm (utc) on Oct. 23, 2003]
:)
Welcome to WebmasterWorld [webmasterworld.com]!
If the file server normally "sees" all requests as coming from your web-server -- that is, if the content is "piped through" your web server and not delivered straight to the requesting user-agent, then you can use the server variable %{REMOTE_ADDR} to check for the web server's IP address as the requestor. So, it all depends on how the machines are set up to provide the content to the end-user.
Jim
Robin
The first suggestion only allows for connections from the IP given. So it doesnt allow other people to download.
The second suggestion is a bit out of my skill level. I am running PHP on my web-server, but not on the file-server. But even then, I wouldn't know how to do that.
Any other ideas?
