Security Issues - Get help in securing your PHP-NUKE Installation.
file leeching
I'm trying to protect my downloads from hotlinking. I already have fetchmod installed, but I don't really see how that helps. Seems to me once you get the URL from the fetch you can hotlink from there.
But anyways, I am trying to set up a .htaccess file in my downloads folder. I have read many posts about how to do this, but my situation seems a little different. The code I tried using is this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?eastcoastgamers.com/tac(/)?.*$ [NC]
RewriteRule .*\.(gif|jpg|jpeg|bmp|zip|exe)$ - [F,NC]
This is how my server is set up:
root directory-
www.eastcoastgamers.com
path to downloads folder-
www.eastcoastgamers.com/downloads
path to nuke site-
www.eastcoastgamers.com/tac
When I use the above code as a .htaccess file and put it in the downloads folder it works to a point. Outside users can't access my files, but users within my nuke site can't access my files either. I get this error message when trying to access downloads from within my site:
FORBIDDEN
You don't have permission to access ****/*****/***** on this server.
Any ideas about how to change the code so that anyone at eastcoastgamers.com/tac can access the files?
There is NO module that can possibly stop someone from leeching your files. I don't care what anyone says, you must have htaccess and it must be turned on from your server. Then you can create a htaccess file that works, will allow your users to download files and keeps the leeches OUT. Most servers running cPanel already have an option called hotlink protection. Turn this on, pick your directory and that should really be all you need.
On servers without hotlink protection there is directory protection or some form thereof which uses htaccess and generates the file for you. Just tell it which directories to protect and what domains are allowed to access the directories and you should be all set.
It sounds to me from your description that htaccess is already enabled on your site; all you have to do is set it up correctly... NOT all htaccess scripts work with all servers. In any case, set it up through your control panel and it should work as you want it.
Below is a basic htaccess file which should work on any *nix version.
Code:
# Mark requests whose Referer is this site (with or without www)
SetEnvIfNoCase Referer "^http://www\.yourdomain\.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://www\.yourdomain\.com$" locally_linked=1
SetEnvIfNoCase Referer "^http://yourdomain\.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://yourdomain\.com$" locally_linked=1
# Requests that carry no Referer header are also let through
SetEnvIfNoCase Referer "^$" locally_linked=1
# Order/Allow are Apache 2.2 directives (mod_access_compat on 2.4)
<FilesMatch "\.(exe|zip|rar)$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>
But again I would set up htaccess through the control panel on your server if you have one. I realize not all servers have control panels and not all servers allow for htaccess.
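The rule set from the question, traced in Python as an added example (not code from either poster): it reports which line of the .htaccess decides each request, so the Referer a browser actually sends can be compared against the pattern. The Referer values and file names are constructed, and Python's `re` stands in for Apache's regex engine.

```python
import re

# Patterns copied from the .htaccess in the question; [NC] becomes re.I.
EMPTY_REF = re.compile(r"^$")
ALLOWED_REF = re.compile(r"^http://(www\.)?eastcoastgamers.com/tac(/)?.*$", re.I)
PROTECTED = re.compile(r".*\.(gif|jpg|jpeg|bmp|zip|exe)$", re.I)

def decide(path, referer):
    """Return (status, reason) for one request under that rule set.

    path is relative to the folder holding the .htaccess; referer is the
    Referer header value, "" when the client sent none.
    """
    # mod_rewrite tests the RewriteRule pattern first, then the conditions.
    if not PROTECTED.search(path):
        return 200, "RewriteRule pattern does not match this extension"
    # The two RewriteCond lines are ANDed: both must hold for [F] to apply.
    if EMPTY_REF.search(referer):
        return 200, "first RewriteCond fails: Referer is empty"
    if ALLOWED_REF.search(referer):
        return 200, "second RewriteCond fails: Referer starts under /tac"
    return 403, "both RewriteCond lines hold, so [F] applies"

def rewrite_forbids(path, referer):
    """True when the request would be answered with 403 Forbidden."""
    return decide(path, referer)[0] == 403

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("setup.zip", ""),
    ("setup.zip", "http://www.eastcoastgamers.com/tac/modules.php?name=Downloads"),
    ("setup.zip", "http://eastcoastgamers.com/tac"),
    ("setup.zip", "https://www.eastcoastgamers.com/tac/modules.php"),
    ("setup.zip", "http://www.eastcoastgamers.com/downloads/"),
    ("SETUP.ZIP", "http://forum.example.net/thread/1"),
    ("readme.txt", "http://forum.example.net/thread/1"),
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        status, reason = decide(path, ref)
        print(f"{status}  {path:<10}  {ref or '(none)':<62}  {reason}")
```

Any Referer that does not begin with `http://eastcoastgamers.com/tac` or `http://www.eastcoastgamers.com/tac` is refused, including an `https://` one or a page under `/downloads/`, so the server's access log is the place to check what the browser sent on the failing requests.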