Need some help [Solved!]

 
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Tue Sep 27, 2005 11:34 pm    Post subject: Need some help [Solved!]

Read a few posts down, I've fixed this issue. :-)

Last edited by TRUSTAbyss on Wed Sep 28, 2005 10:20 pm; edited 3 times in total
roganty

Joined: 08 Jun 2004
Posts: 357
Location: Bristol, UK

Posted: Wed Sep 28, 2005 12:45 am    Post subject: Re: Need some help :(

If you have the allowed hosts on separate lines, then comparing each line inside a while loop might do the trick.

Code:
<?php
$host = $_SERVER["HTTP_HOST"];

$fp = fopen("allowed.txt", "r"); //open the file with the read switch

$hostInFile = false; //set initially to false

while( ($check_host = fgets($fp, 1024)) !== false ){ //get a line up to a line break, or to the specified limit

 //eregi() was removed in PHP 7; compare the trimmed line case-insensitively
 //instead of using the client-supplied host as a regular expression
 if( strcasecmp($host, trim($check_host)) == 0 ){
  $hostInFile = true; //we have found one, set it to true
  break; //now that we have found a match, no need to carry on
 }

}
fclose($fp);

if(! $hostInFile ){ //if the loop reached the end, and we found no matches
 header("HTTP/1.1 403 Forbidden");
 include("includes/forbidden.php");
 exit;
}

?>

_________________
Anthony R

Roganty
| Links-Links.co.uk
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Wed Sep 28, 2005 6:20 am    Post subject:

I figured out what Aprelium uses for their Anti-Leech Protection by just thinking
of how to do it. The HTTP_REFERER will always be used, the browsers that don't
send the HTTP_REFERER will be able to download the files whether they're linked
from the proper website or not. Browsers that do send the HTTP_REFERER will be
checked whether they're allowed to link to the file. A really nice method :-)

To Aprelium:

I'm just wondering if you use the HTTP_REFERER still. I've been thinking about
this method all day and when I tried Abyss, it works exactly how I explained it.

To Roganty: Since the HTTP_HOST is given from the server hosting the script,
there is no possible way to make Anti-Leech work without using HTTP_REFERER.

Sincerely, TRUSTpunk
MonkeyNation

Joined: 05 Feb 2005
Posts: 921
Location: Cardiff

Posted: Wed Sep 28, 2005 12:39 pm    Post subject:

I didn't really read above, so flame, whatever.
But set a cookie on the previous page and check its integrity?
aprelium

Joined: 22 Mar 2002
Posts: 6800

Posted: Wed Sep 28, 2005 1:20 pm    Post subject:

TRUSTpunk wrote:
I figured out what Aprelium uses for their Anti-Leech Protection by just thinking
of how to do it. The HTTP_REFERER will always be used, the browsers that don't
send the HTTP_REFERER will be able to download the files whether they're linked
from the proper website or not. Browsers that do send the HTTP_REFERER will be
checked whether they're allowed to link to the file. A really nice method :-)

To Aprelium:

I'm just wondering if you use the HTTP_REFERER still. I've been thinking about
this method all day and when I tried Abyss, it works exactly how I explained it.

That's why there is a check box in the anti-leeching configuration. If ticked, the server will consider the absence of the Referer header as a failure. Otherwise it will serve the file without any checks.
_________________
Support Team
Aprelium - http://www.aprelium.com
Anonymoose

Joined: 09 Sep 2003
Posts: 2192

Posted: Wed Sep 28, 2005 2:22 pm    Post subject:

Allowing files to be downloaded when the referrer is not present is a pretty big failing in an antileech script IMHO. There are plenty of personal firewalls that turn referrers off as a privacy feature, and it is trivial to disable it in Firefox/Opera etc. Allowing every single user who does not have a referrer to download files would make it ridiculously easy for people to avoid your script. I'd go with a cookie/referrer combination.
_________________

"Invent an idiot proof webserver and they'll invent a better idiot..."
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Wed Sep 28, 2005 9:28 pm    Post subject:

MonkeyNation wrote:
But set a cookie on the previous page and check its integrity?

Anonymoose wrote:
I'd go with a cookie/referrer combination.


You're correct!

I'm going to do something different compared to what I was going to try. I've
decided that if I add a 2 step process, that would double the anti-leech power
to an even greater percentage, what I'm going to do is check for two things. If
an HTTP_REFERER is not sent, it checks for the cookie and if the cookie is not
sent, it will automatically allow the file to be downloaded.

If the strict option is enabled, it will deny access to the file and tell the user to
enable Cookies or disable any software that may be blocking the HTTP_REFERER.

Sincerely, TRUSTpunk
TRUSTAbyss

Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

Posted: Thu Sep 29, 2005 5:20 am    Post subject:

Roganty, for some reason your code does not work when checking the
HTTP_REFERER, I developed a similar method for checking the file line
after line and it works just as you would expect it to. Enjoy :-)

The following code will be added to ::File Limit:: v2, this is a great way
to build your own anti-leech script, feel free to use the code. LateR! :-)

Code:

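<?php
// The Referer header is optional; treat a missing one as an empty string
$http_referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";

$InFile = FALSE;

$fp = fopen("allowed.txt", "rb");

while (($line = fgets($fp, 1024)) !== FALSE) {
 $allowed = trim($line);
 if ($allowed === "") {
  continue; // a blank line would otherwise match every referer
 }
 // eregi() was removed in PHP 7; quote the host so "." is literal and
 // require the host to end at "/", ":" or the end of the string
 if (preg_match('#^https?://' . preg_quote($allowed, '#') . '(?:[/:]|$)#i', $http_referer)) {
  $InFile = TRUE;
  break;
 }
}
fclose($fp);

if (!($InFile)) {
 header("HTTP/1.1 403 Forbidden");
 include("includes/forbidden.php");
 exit;
}
?>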


Sincerely, TRUSTpunk
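
The two-step check discussed in this thread (Referer first, an integrity-checked cookie as the fallback, and the case where neither is sent denied unless a permissive flag is set), as an added example that is not code from any poster or from Abyss Web Server. The function names, `SECRET`, the 600-second lifetime, the cookie name `dl` and the sample hosts and timestamps are assumptions made for the illustration.

```php
<?php
// Added example. SECRET, TTL, the hosts and the timestamps are constructed.
const SECRET = 'replace-with-a-long-random-server-side-value';
const TTL = 600; // seconds a cookie issued by the linking page stays valid

// Cookie value set by the linking page: "<expiry>.<HMAC of expiry>".
function issue_token(int $now): string {
    $exp = (string)($now + TTL);
    return $exp . '.' . hash_hmac('sha256', $exp, SECRET);
}

// Integrity check: well-formed, unexpired, and the MAC verifies.
function token_ok(string $token, int $now): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) return false;
    if ((int)$parts[0] < $now) return false;
    return hash_equals(hash_hmac('sha256', $parts[0], SECRET), $parts[1]);
}

// Compare the parsed Referer host exactly, so a longer look-alike host fails.
function referer_ok(string $referer, array $allowed): bool {
    $p = parse_url($referer);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) return false;
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) return false;
    return in_array(strtolower($p['host']), $allowed, true);
}

// Referer first, cookie as fallback; with neither, deny unless $permissive.
function allow_download(?string $referer, ?string $cookie, array $allowed,
                        int $now, bool $permissive = false): bool {
    if ($referer !== null) return referer_ok($referer, $allowed);
    if ($cookie !== null) return token_ok($cookie, $now);
    return $permissive;
}

// In a real script: $_SERVER['HTTP_REFERER'] ?? null, $_COOKIE['dl'] ?? null, time().
$allowed = ['www.example.com'];
$now = 1127900000;
$cases = [
    'allowed referer'         => ['http://www.example.com/files.html', null, $now],
    'look-alike host'         => ['http://www.example.com.other.test/', null, $now],
    'no referer, good cookie' => [null, issue_token($now), $now + 60],
    'no referer, old cookie'  => [null, issue_token($now), $now + TTL + 1],
    'no referer, forged mac'  => [null, ($now + TTL) . '.' . str_repeat('0', 64), $now],
    'neither sent'            => [null, null, $now],
];
foreach ($cases as $name => [$ref, $cookie, $t]) {
    printf("%-24s %s\n", $name, allow_download($ref, $cookie, $allowed, $t) ? 'allow' : 'deny');
}
```

The cookie only shows that the browser loaded the linking page within the lifetime; both it and the Referer are supplied by the client, so this limits casual hotlinking and is not access control.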
Anonymoose

Joined: 09 Sep 2003
Posts: 2192

Posted: Thu Sep 29, 2005 8:55 am    Post subject:

Glad you're back on track...

Just a thought - for an anti-leech script, I would hope the default was to block downloads from users who have no cookie/referrer, rather than allow them and require the user to switch to strict mode to deny them. It should be the other way round...
_________________

"Invent an idiot proof webserver and they'll invent a better idiot..."
aprelium

Joined: 22 Mar 2002
Posts: 6800

Posted: Thu Sep 29, 2005 12:33 pm    Post subject:

Anonymoose wrote:
Allowing files to be downloaded when the referrer is not present is a pretty big failing in an antileech script IMHO. There are plenty of personal firewalls that turn referrers off as a privacy feature, and it is trivial to disable it in Firefox/Opera etc. Allowing every single user who does not have a referrer to download files would make it ridiculously easy for people to avoid your script. I'd go with a cookie/referrer combination.

TRUSTPunk can go with cookies in his script but it is difficult for us to do the same with all the files served by Abyss Web Server. It could be added as an option but in many cases using cookies will generate more problems than it solves (especially when protecting scripts).
_________________
Support Team
Aprelium - http://www.aprelium.com
All times are GMT + 1 Hour