Provide Authenticated Links With Expiry Date (like AmazonS3)


Postby asdasdasd » Sun Oct 12, 2008 10:18 am

Hi there,

I want to replicate a very nice functionality of Amazon's S3 service, on Apache with mod_rewrite and php.

Let's take this URL

Code:
http://s3.amazonaws.com/bucketname/filename.mp3?AWSAccessKeyId=PUBLICKEY&Expires=1223819400&Signature=SIGNATURE


So, this file is to be only readable when the correct publickey is given, and the signature matches the request string. Additionally, the request time has to be before the Unix timestamp given in the Expires variable.

So I understand this can be done with RewriteMap? (How?)

But are the files under /bucketname then inaccessible if the correct Key, Signature and Expiry-Date are not given?

Please advise. Thanks!
asdasdasd
 
Posts: 2
Joined: Sun Oct 12, 2008 10:10 am

Postby richardk » Mon Oct 13, 2008 9:46 am

Do you have access to the httpd.conf file? You need to declare a RewriteMap.

It would be something like
Code:
Options +FollowSymLinks

RewriteEngine On

RewriteMap bucketname_access prg:/path/to/bucketname_access.php

# Check the map. If it doesn't return true...
RewriteCond ${bucketname_access:%{REQUEST_URI}?%{QUERY_STRING}|false} !^true$
# ...send a forbidden header/error.
RewriteRule ^/bucketname(/.*)?$ - [F,L]

Your program should have /bucketname/filename.mp3?AWSAccessKeyId=PUBLICKEY&Expires=1223819400&Signature=SIGNATURE passed to it in STDIN. To allow access you should return "true" (in STDOUT, I think).
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am
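
One way the map program behind the RewriteMap above could look, as an added example that is not code from the thread. The signing scheme (hex HMAC-SHA256 over the path and Expires), the secret table and the function names are assumptions, since the thread does not specify them; whatever issues the links must sign with the same function and secret.

```php
#!/usr/bin/env php
<?php
// Added example, not code from the thread. Assumed scheme: Signature is the
// hex HMAC-SHA256 of "<path>\n<Expires>" under the secret for AWSAccessKeyId.
// Constructed key table; a real deployment loads secrets from protected storage.
$SECRETS = ['PUBLICKEY' => 'constructed-demo-secret'];

function sign_path(string $path, int $expires, string $secret): string
{
    return hash_hmac('sha256', $path . "\n" . $expires, $secret);
}

// $request is the map lookup key: "/bucketname/file.mp3?AWSAccessKeyId=...".
function check_request(string $request, array $secrets, int $now): string
{
    $parts = explode('?', $request, 2);
    if (count($parts) !== 2) {
        return 'false';                       // no query string, nothing to verify
    }
    parse_str($parts[1], $q);
    foreach (['AWSAccessKeyId', 'Expires', 'Signature'] as $name) {
        if (!isset($q[$name]) || !is_string($q[$name])) {
            return 'false';                   // missing, or an array like Expires[]=1
        }
    }
    if (!isset($secrets[$q['AWSAccessKeyId']]) || !ctype_digit($q['Expires'])) {
        return 'false';                       // unknown key or non-numeric expiry
    }
    $expires = (int) $q['Expires'];
    if ($now >= $expires) {
        return 'false';                       // link has expired
    }
    $expected = sign_path($parts[0], $expires, $secrets[$q['AWSAccessKeyId']]);
    // hash_equals compares in constant time, so timing does not leak the MAC.
    return hash_equals($expected, $q['Signature']) ? 'true' : 'false';
}

// mod_rewrite starts the program once and sends one lookup key per line; each
// key must get exactly one reply line, and the loop must never exit early.
while (($line = fgets(STDIN)) !== false) {
    fwrite(STDOUT, check_request(rtrim($line, "\r\n"), $SECRETS, time()) . "\n");
    fflush(STDOUT);
}
```

Every failure path returns "false", so a malformed or unsigned request falls through to the forbidden rule rather than being served.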

Postby asdasdasd » Mon Oct 13, 2008 9:59 am

Thanks, mate...

I will check with my hoster, but I think this might be a viable option.
asdasdasd
 
Posts: 2
Joined: Sun Oct 12, 2008 10:10 am

