Anti Leech using HTTP REFERER is invalidate

Discussion in 'Apache' started by wmstlxl, Aug 15, 2006.

0
  1. #1
    I have some download files protected by "HTTP_REFERER"
    the config is:
    ----------------------------------------
    SetEnvIfNoCase Referer "^http://www\.mydomain\.com/" local_ref=1

    <FilesMatch "\.(pdf¦exe)">
    Order Allow,Deny
    Allow from env=local_ref
    </FilesMatch>
    ----------------------------------------

    A long time this work fine.

    But last 3 days, I check my log files,
    I find someone use a "Counterfeit" HTTP_REFERER to download these files.

    I sure these requests are not from my website, but these requests had a "Counterfeit" HTTP_REFERER like "http://www.mydomain.com/".
    then Anti Leech using HTTP_REFERER is invalidate.

    Who can give me some advice? I want to look for another method to protecte my files on Apache.

    Thanks.
     
    wmstlxl, Aug 15, 2006 IP
  2. wmstlxl

    wmstlxl Peon

    Messages:
    71
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    some advice?
     
    wmstlxl, Aug 20, 2006 IP
  3. fm91dot7

    fm91dot7 Peon

    Messages:
    80
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I also want to know
     
    fm91dot7, Mar 19, 2007 IP
  4. JMen

    JMen Peon

    Messages:
    29
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    If any use download bot - he can give you any header, in this case any HTTP_REFERER.
    To protect files from stupid bots use JavaScript to make link.
    In another case you may use JavaScript + php sessions, like files-upload.com.
     
    JMen, Apr 1, 2007 IP