httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myles Wakeham" <my...@techsol.org>
Subject RE: [users@httpd] Looking for suggestions for URL redirection
Date Fri, 18 Jan 2008 22:48:53 GMT
Thank you for this suggestion.  I think I can see a way of doing it with
mod_rewrite. 

Much appreciated.

Myles

-----Original Message-----
From: Michael McGlothlin [mailto:michaelm@swplumb.com] 
Sent: Friday, January 18, 2008 3:37 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Looking for suggestions for URL redirection

I'd suggest using RewriteCond's in Apache to check the request headers 
for the right behavior and to deny if not right.
>
> Hi there, I hope that someone might have an idea or suggestion to help 
> me here.
>
> I have a web application running on Linux in Apache 2, php5. The 
> application manages a media database that is accessed by subscription. 
> The content is served off separate Apache servers - some are located 
> in different geographic regions. All users access the content by 
> common URL, such as http://www.maindomain.com/123/file.avi
>
> I use .htaccess with mod_rewrite to modify the incoming URL to a PHP 
> script such as 
> http://www.maindomain.com/getfile.php?user=123&file=file.avi 
> <http://www.maindomain.com/getfile.php?user=123&file=file.avi>
>
> This works great and the PHP script is called, logs the request, 
> checks the user's subscription rights, and if ok redirects them to the 
> actual file to obtain by way of a Header() command (ie. Modifies the 
> HTTP header to do a Location: .. To where the file actually resides).
>
> Although this works perfectly, the problem is that the user's browser 
> will change to reflect the endpoint URL where the file actually 
> resides. Users then simply have been cutting & pasting this URL into 
> their own websites and providing unaudited access to the raw file 
> directly and bypassing our script.
>
> I need to find a way to do this without displaying the endpoint URL to 
> the user in anyway. But it has to be able to be done through a PHP 
> script. Clearly Header() in PHP isn't cutting it. I also have to use 
> Apache at each endpoint web server location.
>
> I'm wondering if anyone has a suggestion on how best to do this? Can I 
> install something in .htaccess on the endpoint server end to reject 
> incoming requests that are not via authenticated redirects? Can I use 
> the HTTP_REFERRER in some way to ensure that what has come to this 
> server came by way of a legitimate referral?
>
> All ideas are greatly appreciated.
>
> Thanks
>
> Myles
>


-- 
Michael McGlothlin
Southwest Plumbing Supply





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message