Forum Moderators: phranque
However, I have faith in you guys - I know this is easy-peasy for some of you.
Here's the deal - I spent *days* working up a system to guard against leechers, by requiring them to go through 2 php files which referred to the correct location of the file to be downloaded. Unfortunately, someone has taken out my first step (which also includes an ad for our site) and now what I didn't want to happen can - a leecher can use the links from their site to clean out our directory...help!
The problem is this:
normally, the user goes to example.com/download/getfile.php?id=123.pdf (where 123 is a number corresponding to the correct pdf file)
after seven seconds, that file gets redirected to example.com/download/download.php?filename=123.pdf (same)
Problem is, I can't use SetEnvIfNoCase Referer since I don't have access to the http.conf file (or whatever one it is)
I know how to exclude my pages from referrers, but what I really want to do is rewrite them (based on the incoming url: example.com/download/download.php?filename=123.pdf) to my 7-second delay file (example.com/download/getfile.php?id=123.pdf)
Can anyone help me out with what the rewrite rule will be? (I especially stink at Regular Expressions - VB is my fortay.)
> SetEnvIfNoCase Referer since I don't have access to the http.conf file
mod_setenvif and mod_access can be used in .htaccess as well, on most servers.
Hmmm... Forte - pronounced "fort". No accent ague on it.
Access control by referrer is iffy at best -- It is up to the client whether it sends a referrer, and intervening caching proxies on the network will effectively drop the referrer. If you have valuable content, then consider a cookies-n-script approach to protecting your content.
There are hundreds of posts here on blocking hotlinkers, free for the searching. The only twist in your case appears to be that you may need to check the query string apended to the URL. See mod_rewrite RewriteCond %{QUERY_STRING}. Otherwise, please clarify your intent, and we'll try to get a more focused response.
JIm
One of our dealers is linking directly to our directory with our files in it - the links on our site have a seven-second delay built in...when they come from his site, they go right to download.php (instead of getfile.php) and they're able to leech our files. (and they're already started - I modified one of the scraper php files that I found on here to hopefully nix that, but in the meantime, I want to get this side fixed, as well.)
So, what I want to do is when I see the links are coming from joebillybobidiot.com, if they are using download.php, I want to automatically redirect them to using our getfile.php - PLUS I want to grab the filename that is being passed (comes in as download.php?filename=123.pdf) and autoredirect to getfile.php?id=123.pdf (using the $1 variable, I'm guessing)
That way, there is no way to leech from our directory, plus they still get to see our ad.
Thanks for your help...hope this clarifies somewhat. And yeah, I don't use forte enough to spell it correct.
RewriteEngine on
RewriteBase /#check to see if from example.com
RewriteCond %{REMOTE_HOST} ^example.com.*
# if so, rewrite incoming request /download/download.php/?filename=123.pdf
# to /download/getfile.php/?id=123.pdf
RewriteRule ^download.php/?filename=([0-9])\.pdf$ getfile.php/?id=$1.pdf [R=301,L]
------------------
I'm already in the download directory, so I don't bother with that (plus I've rewritten the base, already)
Like I said, it doesn't work. Trying the link from their page, it still allows them to download. What did I do wrong?
# If [i]referred[/i] by example.com or www.example.com
RewriteCond %{HTTP_REFERER} ^(www\.)?example\.com
# and if query string matches "filename=", extract filename from query and...
RewriteCond %{QUEY_STRING} ^filename=([0-9])\.pdf$
# [i]redirect[/i] request to correct URL with correct query var name/value pair
RewriteRule ^download\.php$ getfile.php?id=%1.pdf [R=301,L]
One way to 'break' the infinite redirection loop problem would be to rename your final page, and change the link on your interstitial page to point to its new URL; Since no-one is supposed to be linking directly to the final page, this should have no impact on 'correct' links out on the Web. Then you would be free to redirect *any* request for the old final page URL (regardless of referrer) to the interstitial page, and from there meta-refresh the cleint to the new final page URL.
Jim
However, I still can't get it to work. I fixed the spelling of Query and ran it. And even tried to negate the HTTP Referrer thing (since, in reality, everything that comes from outside that tries to get to download.php should get rewritten) but it didn't work either.
I don't know what to do.
# If referred by specific outside site, with or without "www."
RewriteCond %{HTTP_REFERER} ^[b]http://[/b](www\.)?[b]site_that_is_linking_to_wrong_URL[/b]\.com
# and if query string matches "filename=", extract filename from query and...
RewriteCond %{[b]QUERY_STRING[/b]} ^filename=([0-9])\.pdf$
# redirect request to correct URL with correct query var name/value pair
RewriteRule ^download\.php$ getfile.php?id=%1.pdf [R=301,L]
