Only allow access to certain file types?

Forum Moderators: phranque

Message Too Old, No Replies

Only allow access to certain file types?

tomturd

11:56 pm on Feb 1, 2006 (gmt 0)

Hi everyone,

Just wondering if anyone could help me with a small problem.

I have a hosting account where people can upload files via FTP through a java applet. There are no restrictions as to what files can be uploaded.

Once the files are uploaded, I only want people to be able to download video files through HTTP... eg I only want to provide access to .wmv, .mpeg, .avi etc.

At the moment I have this -

AddHandler headered .jpg
AddHandler headered .jpeg
AddHandler headered .txt
AddHandler headered .htm
AddHandler headered .html
AddHandler headered .zip
AddHandler headered .gif
AddHandler headered .pdf
AddHandler headered .tar
AddHandler headered .tif
AddHandler headered .wav
AddHandler headered .bmp
AddHandler headered .exe
AddHandler headered .doc
AddHandler headered .xls
Action headered [[snip]...]

As you can see its a bit messy...

Id prefer to be able to specify what file types ARE allowed, is this possible?

Many Thanks
Tom.

extras

5:52 pm on Feb 2, 2006 (gmt 0)

Normally, you can specify the extensions with <FilesMatch ...>
and then use Deny from and/or Allow from.

But I'm not sure how it will interact with the Action directive and index,php of yours.

tomturd

4:15 pm on Feb 3, 2006 (gmt 0)

Hi, thanks for your reply!

Ive tried this -


<filesmatch (.avi¦.wmv¦.mpg¦.mov)>
Allow from all
</filesmatch> <filesmatch (.*)>
deny from all
</filesmatch>ErrorDocument 403 http://[snip]/forum/index.php

and this -


<filesmatch (*\.avi¦*\.wmv¦*\.mpg¦*\.mov)>
Allow from all
</filesmatch> <filesmatch (.*)>
deny from all
</filesmatch>ErrorDocument 403 http://[snip]/forum/index.php

but it seems that all files are getting redirected, any ideas?!

Thanks again for your help.

extras

7:59 pm on Feb 3, 2006 (gmt 0)

Your regex isn't correct.
Also, the seconf <FilesMAtch > isn't needed.

You may want to try this.

deny from all
<filesmatch "\.(avi¦wmv¦mpg¦mov)$">
Allow from all
</filesmatch>

jdMorgan

9:56 pm on Feb 3, 2006 (gmt 0)

Be sure to change all broken pipe "¦" characters you see posted on this board to solid pipe characters before use; Posting on this board modifies those characters.

Also, be sure to allow "all" to fetch your ErrorDocument! -- Otherwise, you'll get a 403-Forbidden while trying to server the 404 error page...

The correct syntax for ErrorDocument uses a local URL-path only:

ErrorDocument 403 /forum/index.php

Otherwise, your server will return a 302-Found status, and not the desired 404-Not Found status. This is documented in the Apache ErrorDocument documentation [httpd.apache.org].

Further, you should not use an "index page" as an error document. Each type of error should go to a page that explains that specific error, and then offers a link to your home page, your site map, or another appropriate destination. Otherwise you will confuse both users and search engines, and the results are often "not good." You can optionally put a meta-refresh on that error page to help the helpless. As long as the meta-refresh timer is set to >5 seconds, this should not cause indexing problems.

Jim

tomturd

12:57 am on Feb 4, 2006 (gmt 0)

Wahey!

extras, JD - many thanks for your help/advice!

My pipe was wrong.. its working now :)

Thanks again, your both legends.