monitored downloading

Forum Moderators: phranque

Message Too Old, No Replies

monitored downloading

using rewrite to make sure users are registered

WillllF

2:25 pm on May 13, 2006 (gmt 0)

on my website, the link for downloading files is like this:
http://www.example.co.uk/files/<type>/<id>/download/

mod_rewrite rewrites this url to a download script, which redirects the user to the actual file (after updating the download counter). this is so the user doesnt know where the file comes from (so they cant use my bandwidth without my knowing). but of course, its quite easy to find out.

so i've decided to try and use mod_rewrite to plug the hole.

RewriteCond %{HTTP_COOKIE} *user.*pass.* [NC]

the cookies i set when people login are 'user' and 'pass' so i thought that if i check if they send these cookies in request headers, it will at help to at least slightly improve control.
however the rule isnt working, does anyone know why?

thanks in advance,
Will

jdMorgan

12:16 am on May 14, 2006 (gmt 0)

Unless you anchor the pattern, you don't need ".*" before or after the pattern.

However, are you sure that the cookies will always be sent in that order? If not, you need to cover both cases:


RewriteCond %{HTTP_COOKIE} (user.*pass¦pass.*user) [NC]
RewriteRule ^public_dld_URL$ /private_dld_URL [L]

If you have any further problems, then set up a temporary redirect, so you can see what mod_rewrite sees:


RewriteRule ^test\.foo$ http://www.example.com/test.bar?cookie_test=%{HTTP_COOKIE} [R=301,L]

now request /test.foo, and look at the URL in your browser address bar -- It should show you the value of the HTTP_COOKIE variable.

Replace all broken pipe "¦" characters above with solid pipes before use; Posting on this board modifies the pipe character.

Jim