stop the bandwidth bleeders

Forum Moderators: phranque

Message Too Old, No Replies

stop the bandwidth bleeders

limiting file access to my server and its web pages

rmeyers

5:10 pm on Dec 1, 2001 (gmt 0)

How can I limit the access of files to be download from my web site through my web pages only? It seems others are just copying my "downloads" web page onto their web site, and then their visitors are pulling down the files from my web server without ever even knowing the "real" site exists. It is very confusing for the users of my software. Not to mention that this is bleeding off over 100GB of bandwidth each month!

It seems that there would be a simple settings to limit the access to visitors of my web site only.

ggrot

7:57 pm on Dec 1, 2001 (gmt 0)

Hmm, I don't have code for you, but just make a .htaccess setting for all the downloadables and if the user's referring url is not from your site(or is blank), dont let them download it - [F].

rmeyers

10:59 pm on Dec 1, 2001 (gmt 0)

The .htaccess doesn't seem to do the trick, at least to the extent of my knowledge. I tried the following, but then nobody really is able to get in. How do you specify the "referring URL" directive?

<limit GET>
order deny,allow
deny from all
allow from (myserverip)
</limit>

gethan

4:04 pm on Dec 4, 2001 (gmt 0)

Hi rmeyers,

Welcome to WebmasterWorld

I think what you are looking for is some of the functionality available via mod_rewrite on apache.

The basic theory is that the referrer is checked and if its not your site then block them.

Better would be a message saying - "link to me - don't steal my downloads". And hope they test - spot the message and link.

Blocked In-line Images
Problem Description:
Assume we have under [quux-corp.de...] some pages with inlined GIF graphics. These graphics are nice, so others directly incorporate them via hyperlinks to their pages. We don't like this practice because it adds useless traffic to our server.
Problem Solution:
While we cannot 100% protect the images from inclusion, we can at least restrict the cases where the browser sends a HTTP Referer header.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$ - [F]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !.*/foo-with-gif\.html$
RewriteRule ^inlined-in-foo\.gif$ - [F]

From [engelschall.com...] which is currently down hence the copy and paste...

Good luck

DaveAtIFG

6:05 pm on Dec 4, 2001 (gmt 0)

Ralf Engelshall's URL Rewriting Guide (that gethan is quoting from) is also available at the Apache site at [httpd.apache.org...]

rmeyers

7:08 pm on Dec 4, 2001 (gmt 0)

I thank those of you who replied. I ended up using the following technique and it works as desired :-)

As a courtesy to whomever may need this fix in the future I am posting it. I created a .htaccess file and the contents were:

AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.your_domain.com/
RewriteCond %{HTTP_REFERER} !^http://your_domain.com/
RewriteCond %{HTTP_REFERER} !^http://your_ip_address/
RewriteRule /* [your_domain.com...] [R,L]