Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: softfail (nike.apache.org: transitioning domain of
 myles@techsol.org does not designate 69.50.200.40 as permitted sender)
From: "Myles Wakeham" <myles@techsol.org>
To: <users@httpd.apache.org>
References: <01f201c85a21$51244050$f36cc0f0$@org>
 <479129FB.4070106@swplumb.com>
In-Reply-To: <479129FB.4070106@swplumb.com>
Date: Fri, 18 Jan 2008 15:48:53 -0700
Message-ID: <020101c85a24$4f0f89c0$ed2e9d40$@org>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
thread-index: AchaI6w7Vu+rDWL5RCGiihy5lh3ebAAAJHhg
Content-Language: en-us
Subject: RE: [users@httpd] Looking for suggestions for URL redirection

Thank you for this suggestion.  I think I can see a way of doing it with
mod_rewrite. 

Much appreciated.

Myles

-----Original Message-----
From: Michael McGlothlin [mailto:michaelm@swplumb.com] 
Sent: Friday, January 18, 2008 3:37 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Looking for suggestions for URL redirection

I'd suggest using RewriteCond's in Apache to check the request headers 
for the right behavior and to deny if not right.
>
> Hi there, I hope that someone might have an idea or suggestion to help 
> me here.
>
> I have a web application running on Linux in Apache 2, php5. The 
> application manages a media database that is accessed by subscription. 
> The content is served off separate Apache servers - some are located 
> in different geographic regions. All users access the content by 
> common URL, such as http://www.maindomain.com/123/file.avi
>
> I use .htaccess with mod_rewrite to modify the incoming URL to a PHP 
> script such as 
> http://www.maindomain.com/getfile.php?user=123&file=file.avi 
> <http://www.maindomain.com/getfile.php?user=123&file=file.avi>
>
> This works great and the PHP script is called, logs the request, 
> checks the user's subscription rights, and if ok redirects them to the 
> actual file to obtain by way of a Header() command (ie. Modifies the 
> HTTP header to do a Location: .. To where the file actually resides).
>
> Although this works perfectly, the problem is that the user's browser 
> will change to reflect the endpoint URL where the file actually 
> resides. Users then simply have been cutting & pasting this URL into 
> their own websites and providing unaudited access to the raw file 
> directly and bypassing our script.
>
> I need to find a way to do this without displaying the endpoint URL to 
> the user in anyway. But it has to be able to be done through a PHP 
> script. Clearly Header() in PHP isn't cutting it. I also have to use 
> Apache at each endpoint web server location.
>
> I'm wondering if anyone has a suggestion on how best to do this? Can I 
> install something in .htaccess on the endpoint server end to reject 
> incoming requests that are not via authenticated redirects? Can I use 
> the HTTP_REFERRER in some way to ensure that what has come to this 
> server came by way of a legitimate referral?
>
> All ideas are greatly appreciated.
>
> Thanks
>
> Myles
>


-- 
Michael McGlothlin
Southwest Plumbing Supply


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org