Page 2 of 2 FirstFirst 12
Results 16 to 20 of 20
  1. #16
    Join Date
    Jan 2008
    Location
    England
    Posts
    534
    Quote Originally Posted by Xantar View Post
    Anywayz derailed it a bit.. But as previously poitned out, not looking for a PHP solutions, i think apache should able to do it, since i see alot of one click file sharing does this, the files are not necessary located at the download http link.
    The vast majority of file sharing sites use one of the modules I mentioned earlier, or a custom module or server side language.

    If the only reason why you don't want to use the modules I listed earlier is brute forcing, then you can use a 50 digit alphanumeric key that would never get bruteforced. You can also edit the code and add an extra hash (what our company did) which means that people will have no idea how the hash is made up, or even what algorithm it is, so then cant brute force it.

  2. #17
    Join Date
    May 2009
    Posts
    119
    can it access different "folder" with that script?

    SERVER/sercretfile/

    Accessible via
    SERVER/download/<identificationkey>/filename.extension

    ?

    Because i read your previous script, it only access if
    SERVER/sercretfile/ is SERVER/download/sercretfile/

  3. #18
    Join Date
    Jan 2008
    Location
    England
    Posts
    534
    I only have experience using this nginx module (and I customized it a bit):
    http://wiki.nginx.org/HttpSecureDownload

    Which was discontinued when nginx came out with their official module which I listed in my previous post, and appears to do the same thing as the above 3rd party module.

    We have it configured like so:
    Code:
     secure_download                 on;
    secure_download_secret          SECRETKEY$remote_addr;
    secure_download_path_mode       file;
    secure_download_fail_location   /fail.html;
    
    root /home/files;
    So, when we generate the link in php it looks like this:

    site.tld/folder/filename/authhash/hextime

    We then redirect the user to that link. When the user arrives on the fileserver with the above link, if the url and auth hash checks out, they are served:

    /home/files/folder/filename

    When someone goes to site.tld/folder/filename they are shown /fail.html. So the only way to access the file would be to, as you said, bruteforce the authhash. We use a very long secretkey plus a customized hash method so its extremely unlikely that it'll ever be bruteforced.

    We offer many large files too, and found this to be the best option, and found nginx by far the best httpd to use in terms of performance.

  4. #19
    Join Date
    May 2009
    Posts
    119
    Okay i have a check when i have some free time

    Would be a lot better if there any other options in apache already does that with say .htaccess

  5. #20
    Join Date
    Mar 2012
    Location
    Saudi Arabia
    Posts
    11
    If you have CPanel, you can add any not public files on the root of your account where no public access beside public_html folder

Page 2 of 2 FirstFirst 12

Similar Threads

  1. suPHP - Protect User's Files
    By awells527 in forum Hosting Security and Technology
    Replies: 5
    Last Post: 11-10-2008, 02:27 AM
  2. how protect files
    By rob2 in forum Web Hosting
    Replies: 3
    Last Post: 09-30-2007, 10:43 AM
  3. How to protect flash files?
    By kioshi in forum Hosting Security and Technology
    Replies: 5
    Last Post: 02-23-2006, 12:32 AM
  4. Need to protect files from leetchers
    By vpsfusion in forum Programming Discussion
    Replies: 11
    Last Post: 01-13-2006, 02:42 PM
  5. How do I protect files?
    By WebBloom in forum Hosting Security and Technology
    Replies: 3
    Last Post: 11-01-2001, 11:39 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •