Thank you for this suggestion. I think I can see a way of doing it with mod_rewrite. Much appreciated. Myles -----Original Message----- From: Michael McGlothlin [mailto:michaelm@xxxxxxxxxxx] Sent: Friday, January 18, 2008 3:37 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: Looking for suggestions for URL redirection I'd suggest using RewriteCond's in Apache to check the request headers for the right behavior and to deny if not right. > > Hi there, I hope that someone might have an idea or suggestion to help > me here. > > I have a web application running on Linux in Apache 2, php5. The > application manages a media database that is accessed by subscription. > The content is served off separate Apache servers - some are located > in different geographic regions. All users access the content by > common URL, such as http://www.maindomain.com/123/file.avi > > I use .htaccess with mod_rewrite to modify the incoming URL to a PHP > script such as > http://www.maindomain.com/getfile.php?user=123&file=file.avi > <http://www.maindomain.com/getfile.php?user=123&file=file.avi> > > This works great and the PHP script is called, logs the request, > checks the user's subscription rights, and if ok redirects them to the > actual file to obtain by way of a Header() command (ie. Modifies the > HTTP header to do a Location: .. To where the file actually resides). > > Although this works perfectly, the problem is that the user's browser > will change to reflect the endpoint URL where the file actually > resides. Users then simply have been cutting & pasting this URL into > their own websites and providing unaudited access to the raw file > directly and bypassing our script. > > I need to find a way to do this without displaying the endpoint URL to > the user in anyway. But it has to be able to be done through a PHP > script. Clearly Header() in PHP isn't cutting it. I also have to use > Apache at each endpoint web server location. > > I'm wondering if anyone has a suggestion on how best to do this? Can I > install something in .htaccess on the endpoint server end to reject > incoming requests that are not via authenticated redirects? Can I use > the HTTP_REFERRER in some way to ensure that what has come to this > server came by way of a legitimate referral? > > All ideas are greatly appreciated. > > Thanks > > Myles > -- Michael McGlothlin Southwest Plumbing Supply --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|