Prevent User direct access to one file.php

Fix it!!

Prevent User direct access to one file.php

Postby huyhoa » Thu Mar 26, 2009 10:14 pm

I have a music file, which use xml throught php file to export content to xml file like this:
Code: Select all
mysite.com/link.php?id=23

Then when direct access it in browse it will display content like this:
Code: Select all
<playlist version="1">

<trackList>

<track>
<Title>Music title</Title>
<creator>Singer</creator>

<location>
http://mymusic.com/folder/linkmusic.mp3
</location>
<image>http://www.mysite.com/pic.php?id=23</image>
</track>
</trackList>
</playlist>

Then all my music link will be public.
Now i want all access to this file will prevent if it is not from my site.com,
(I'm using flash player to play this xml file)
Is it imposible?
And how, help me please.
huyhoa
 
Posts: 35
Joined: Tue Nov 28, 2006 2:25 am

Postby richardk » Fri Mar 27, 2009 1:38 am

Try
Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/.*)?$ [NC]
RewriteRule ^link\.php$ - [F,L]

This may block legitimate users if there is a problem with the Referer header.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby huyhoa » Fri Mar 27, 2009 5:12 am

Thank you so much Richardk.
I try to use that, but it also prevent my flashplayer to connect, then it cannot play music. I see in error log it display that
Code: Select all
Forbidden

You don't have permission to access /link.php on this server.


Can you please check it for me?
huyhoa
 
Posts: 35
Joined: Tue Nov 28, 2006 2:25 am

Postby richardk » Fri Mar 27, 2009 12:43 pm

Then your flashplayer most likely does not send a Referer header so you can't do this type of hotlink protection.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: Google [Bot] and 1 guest

cron