Welcome to WebmasterWorld Guest from 3.80.4.76

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

How to make separate file-server respond only to my web-server

Any way to identify my web-server to my file-server?

     
8:16 pm on Oct 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Oct 23, 2003
posts:3
votes: 0


Hello everyone. I'm Kane.

What I would like to know is if there is any way I can use htaccess to only accept file requests coming from my web server.

Our file-server is in California, while our web-server is in Georgia. So up until now we have been using htaccess and referrer checks to keep outsiders out of our file collection.

However, I did some testing, and it is possible to spoof referrer information using programs like FlashGet. I tried blocking FlashGet, but it doesn't use "FlashGet" as its user-agent anymore, so that is of no use.

I was wondering if there is any way I can uniquely identify my web-server to my file-server, so that it only accepts file requests from it.

Thanks

[edited by: Karnac at 8:21 pm (utc) on Oct. 23, 2003]

8:20 pm on Oct 23, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 25, 2003
posts:171
votes: 0


No answers from me, unfortunately. I just wanted to suggest that you remove your URL from your post - as it is against the WebmasterWorld TOS to post your site URL.

:)

8:21 pm on Oct 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Oct 23, 2003
posts:3
votes: 0


Thanks for notifying me. Edited.
12:17 am on Oct 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Kane,

Welcome to WebmasterWorld [webmasterworld.com]!

If the file server normally "sees" all requests as coming from your web-server -- that is, if the content is "piped through" your web server and not delivered straight to the requesting user-agent, then you can use the server variable %{REMOTE_ADDR} to check for the web server's IP address as the requestor. So, it all depends on how the machines are set up to provide the content to the end-user.

Jim

12:25 am on Oct 24, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:July 29, 2003
posts:72
votes: 0


Another possibility, assuming it's also running apache, is to use php (or some other scripting with sessions) - make the website create a session id, which it then passes onto the fileserver as a valid id (before replying to the browser request) - then make the link to the fileserver include that session (or plain unique) id, give it a reasonable timeout before use, and that should work pretty well...

Robin

2:25 am on Oct 24, 2003 (gmt 0)

New User

10+ Year Member

joined:Oct 23, 2003
posts:3
votes: 0


Thanks guys.

The first suggestion only allows for connections from the IP given. So it doesnt allow other people to download.

The second suggestion is a bit out of my skill level. I am running PHP on my web-server, but not on the file-server. But even then, I wouldn't know how to do that.

Any other ideas?

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members