DJ-Ready,

Welcome to WebmasterWorld [webmasterworld.com]!

You need to consider either enabling blank referrers, or allowing access by User-Agent.

Look at your raw server logs for downloads that failed, and see which user-agents appear to be the problem.

Jim

well, i never worked with htaccess before .. and i dont know what you mean with user agent ...
someone gave me another htaccess file that should work... but when i upload that file to my files directory i only get 404 errors when i try do download something on my site :(

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^http://domain.tld/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://www.domain.tld/.*$ [NC]
RewriteRule .*\.(exe¦rar¦zip¦mp3¦avi)$ [domain.tld...] [R,NC]

im starting to get mad on this .. aaw

I read a quote by Eric S Raymond the other day that helped to get the whole mod_rewrite thing into focus for me. He said, "Throughout a Unix system, easy things are easy and hard things are at least possible."

The thing is, protecting your files efficiently is quite hard, but at least it is possible. You can't expect to be able to copy and paste a solution that worked elsewhere and expect it to work for you.

There is no alternative to actually learning what the various components of a .htaccess file (the rewrite conditions, the rewrite rules, the "regular expressions" etc) do and writing your own to do just what you want them to do. It's a tricky but worthwhile project and there are a lot of tips and examples in this forum.

Longhaired Genius speaks the truth.

I can give you examples of allowing blank referrers and allowing certain user-agents regardless of referrer, but what I cannot do is to tell you which is more appropriate for your situation. Again, there is no one-size-fits-all solution.

Allow blank referrers:

RewriteEngine on
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com [NC]
RewriteRule \.(exe¦rar¦zip¦mp3¦avi)$ - [F]

This allows blank referrers, but also will let some unwelcome downloads occur.

Allow certain downloaders:

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !^Wget
RewriteCond %{HTTP_USER_AGENT} !^RealDownload
RewriteCond %{HTTP_USER_AGENT} !^SmartDownload
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com [NC]
RewriteRule \.(exe¦rar¦zip¦mp3¦avi)$ - [F]

You'll need to work out which downloaders you want to allow, and what their actual user-agent names are; the above are only examples. The regular-expressions symbols -- e.g.!^$?()\.* -- used to match the user-agent and referrer strings also need to be closely examined -- they need to be precisely correct in order to work as expected.

Only you can make the trade-offs between the various approaches of open access, allowing blank referrers, or allowing only certain downloaders if the referrer address is missing or incorrect.
This Introduction to mod_rewrite [webmasterworld.com] thread is a good start, and contains vital links to tutorials and documentation that you will need to read in order to get comfortable with regular expressions mod_access, and mod_rewrite.

You will need to replace all broken pipe "¦" characters in the code above with the solid pipe from your keyboard.

Jim

hmm ... basically, i only want to be able to download from my site with the normal windows download thingie and most common download managers like flashget, dap, etc... i havent expected that it would be that hard >_<

DJReady,

In that case, the first code snippet from msg#5 above will probably be what you want.

Jim

ok, thank you ... i think ill change the foldernames for the files once a week via cronjob to make it more save against blank referers ...
but anyways, im very thankfull for your help :D