Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

How to block file download/access requests if not referred from X (WP) site?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to block file download/access requests if not referred from X (WP) site?

xadexade Member
in Help

How to block file download/access requests if not referred from X (WP) site?
The configuration i want is simple:
WP Site (i have) > Member area > Download Link (on another server which we have cpanel and ftp access to the server) > WP users can access otherwise shouldn't be.
How to do?

What i meant is only wordpress users or the wordpress site referred visitors should get access to these direct download links others shouldnt.

Huh hope i explained clearly

WP: Wordpress

sorry for english lol

Comments

  • Adam1Adam1 Member

    are you serving the files with php? or directly? are you familiar with .htaccess?

  • xadexade Member
    edited May 2019

    @Adam1 said:
    are you serving the files with php? or directly? are you familiar with .htaccess?

    yes its perl based custom script (not directly)
    and yes i am familiar with .htaccess

  • TheLinuxBugTheLinuxBug Member

    I believe what you are explaining is called 'hot linking' where another site will post your link or source data from your site causing higher bandwidth for your site. Depending on what type of hosting you are using, such as one with cPanel, there is usually provided a way to disabled hot linking from the panel. In other cases, you should search more on 'hot linking' and find a solution that works best for your specific case.

    As an example, in cPanel you can do the following, usually:
    To enable / disable hot link protection, please do the following:

    • Login to cPanel and click HotLink Protection.
    • Make sure the domain name you wish to protect is in the box called "URLs to allow access".
    • In the box called "Block direct access for these extensions", provide the extensions for which you would like to block.
    • We suggest you check the box for "Allow direct requests".
    • Skip the "Redirect request to this URL" box and hit Submit.

    Hope this helps.

    Cheers!

  • Adam1Adam1 Member

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https://(www.)mydoma.in/.*$ [NC]
    RewriteRule /path/to/down.load$ - [F]

    should do it

  • xadexade Member
    edited May 2019

    @TheLinuxBug said:
    I believe what you are explaining is called 'hot linking' where another site will post your link or source data from your site causing higher bandwidth for your site. Depending on what type of hosting you are using, such as one with cPanel, there is usually provided a way to disabled hot linking from the panel. In other cases, you should search more on 'hot linking' and find a solution that works best for your specific case.

    As an example, in cPanel you can do the following, usually:
    To enable / disable hot link protection, please do the following:

    • Login to cPanel and click HotLink Protection.
    • Make sure the domain name you wish to protect is in the box called "URLs to allow access".
    • In the box called "Block direct access for these extensions", provide the extensions for which you would like to block.
    • We suggest you check the box for "Allow direct requests".
    • Skip the "Redirect request to this URL" box and hit Submit.

    Hope this helps.

    Cheers!

    i use webmin/virtualmin , do u know how to do it on webmin?

    so it'd allow X site to refer (when referred -by clicking link from wp site-) those direct download links and allow access/download otherwise dont allow (if tried direct access to those links) ?

  • xadexade Member
    edited May 2019

    @Adam1 said:

    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https://(www.)mydoma.in/.*$ [NC]
    RewriteRule /path/to/down.load$ - [F]

    should do it

    https://(www.)mydoma.in/

    it will be: https://(www.)example.com/ , right?
    and

    RewriteRule /path/to/down.load$ - [F]

    should be like
    /home/mysitefolder/anotherfolder/download-folder$ , right?

    and is it in download folder htaccess or public html htaccess?

  • TionTion Member

    Referer is unreliable. Generate token based links on request which expire after a set amount of time. You can another restriction like limitation of request per IP to prevent script from scrapping your url then again that takes some work to do and is your content that wanted to waste time on protection?

  • xadexade Member

    @Tion said:
    Referer is unreliable. Generate token based links on request which expire after a set amount of time. You can another restriction like limitation of request per IP to prevent script from scrapping your url then again that takes some work to do and is your content that wanted to waste time on protection?

    second one is go to solution it seems..
    do you know how to allow only per wp logged ip address of users?

    Important note: The links are not direct link location of files, they are generated urls via perl based script

Sign In or Register to comment.