httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Bligh <a...@alex.org.uk>
Subject Re: [users@httpd] Secure htaccess in a non-SSL Apache (and withoutDigest...)
Date Thu, 09 Aug 2012 20:31:27 GMT


--On 29 June 2012 15:08:44 +0100 Alex Bligh <alex@alex.org.uk> wrote:

>> You have talked about perl and mod_perl. I understand that you can
>> override htaccess to use a self-made bit of Perl code that process it and
>> check the token. Is this right?
>
> You don't need to override htaccess.
>
> Here's a piece of perl found through a random google search to send
> a file:
>  http://rasterweb.net/raster/code/sendfile.html
> You'll need to change the header as appropriate. Drop that in as
> a CGI script (there are a million examples of perl CGI howtos).
> It would be more efficient if it used sendfile.
>
> All you need to do is modify that perl CGI script to check the
> GET parameters. My idea was simply to use parameters for your video
> name, the time, the user, and perhaps a random nonce, and also pass
> a hash of those. So, CGI document is here:
>   http://perldoc.perl.org/CGI.html
> and you might want to do something like (completely untested):

Well, guess what, I needed to do this myself. So for anyone else
who wants to do it, see:

 http://blog.alex.org.uk/2012/08/09/reliable-and-trackable-download-servers/

-- 
Alex Bligh

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message