dcumpian Posted January 27, 2007 Share Posted January 27, 2007 Hello, I've struggled with this for a few hours and I'm stumped. I need to find a way to either rewrite a url or redirect in the following situation: I've setup a file download system that uses urls like so: >www.****/download/regfiles/index.php?action=downloads&id=1&download=uploads/files/filename.exe However, if a user enters: >www.****/download/regfiles/uploads/files/filename.exe They can access the file without using the download system. All users must authenticate to get this far, so that's not the problem. My issue is that the download system logs all downloads and I want to enforce this so I can determine if a user abuses their download rights by giving away their login/password. I want to redirect them to the download system's "index.php" whenever they attempt to do this. I've tried variations of this: >Options +FollowSymlinks RewriteEngine on RewriteRule (.*)/regfiles/uploads/files/(.*)\.exe index.php [nc] with no luck whatsoever I'm either regex-stupid, or this isn't possible... Help! Thanks, Dan Quote Link to comment Share on other sites More sharing options...
click Posted January 28, 2007 Share Posted January 28, 2007 At first glance it seems like that should work. Is there possibly another .htaccess file in a lower directory that is overriding it? Quote Link to comment Share on other sites More sharing options...
dcumpian Posted January 29, 2007 Author Share Posted January 29, 2007 Hello click, thanks for replying... No, there aren't any other .htaccess files with Rewrite/redirect rules. All other .htaccess files simply disable indexing. I experimented some more and discovered that I could get very close, but then the file download system would loop back to the index.php file as well. Apparently, the URL to actually download a file is the same once the PHP script serves it up. So, it doesn't look like this is possible and I'll have to monitor the awstats logs to see if there are abuses that way instead. Someone else recommended moving the location of the files to be downloaded to another folder out of the tree that is unreadable and then have another script authenticate and serve up the files as needed. Unfortunately, I only understood about half of what he recommended... I don't know how to create a script that can self-authenticate... Regards, Dan Quote Link to comment Share on other sites More sharing options...
click Posted January 29, 2007 Share Posted January 29, 2007 What about adding a RewriteCond that checks the referrer ( %{HTTP_REFFERER} ) like you would do to prevent hot linking. Quote Link to comment Share on other sites More sharing options...
dcumpian Posted January 30, 2007 Author Share Posted January 30, 2007 That actually might work, if HTTP_REFERER is not what I expect, then redirect to the index... I'll experiment with this... Thanks, Dan Quote Link to comment Share on other sites More sharing options...
dcumpian Posted January 30, 2007 Author Share Posted January 30, 2007 Thanks for the suggestion. The RewriteCond works like a charm. Regards, Dan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.