This forum has been moved here:
Helicon Tech Community Forum

  Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
ISAPI_Rewrite 2.x
 Helicon Tech : ISAPI_Rewrite 2.x
Subject Topic: Blocking direct file access Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
howardoates
Newbie
Newbie


Joined: 03 March 2010
Location: United Kingdom
Online Status: Offline
Posts: 4
Posted: 03 March 2010 at 7:57am | IP Logged Quote howardoates
Hi this is my first post and first try with ISAPI rewrite.

I am trying to restrict access to restricted documents, which are only
available to subscription members. I have the following script which stops
URL linking but how do i stop access through a directly typed URL?? i can't
find any info at all, please help :)

Code:
RewriteCond Referer: (?!http://www\.testsite\.co\.uk(?
:/somefolder/referrerPage\.aspx|/somefolder/referrerPage2\.aspx))(.+)
RewriteRule .*mytestfile\.(?:pdf|doc) /youmustlogin.aspx [L]
Back to Top View howardoates's Profile Search for other posts by howardoates Visit howardoates's Homepage
 
Anton
Admin Group
Admin Group


Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 10520
Posted: 03 March 2010 at 8:45am | IP Logged Quote Anton
And how is it possible to check whether the user is subscribed or not?
Could you please explain the logics and I'll try to help with the rules.

__________________
Regards,
Anton
Back to Top View Anton's Profile Search for other posts by Anton
 
howardoates
Newbie
Newbie


Joined: 03 March 2010
Location: United Kingdom
Online Status: Offline
Posts: 4
Posted: 03 March 2010 at 9:10am | IP Logged Quote howardoates
HI, thanks for the reply!

The system is a CMS and is set up to handle all the users and
subscriptions etc. Unfortunately the CMS uploads the media files to a web
folder which is not secure, so a URL path could be distributed freely and
the files be downloaded.

I wanted any access via typed URL or hyperlink to redirect to a login page
unless the link was from an authorized referring page which would be
handled by the CMS.

Thanks and look forward to your reply!

Back to Top View howardoates's Profile Search for other posts by howardoates Visit howardoates's Homepage
 
Anton
Admin Group
Admin Group


Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 10520
Posted: 04 March 2010 at 3:28am | IP Logged Quote Anton
Ok, I see. But I want you to tell me the criteria to distinguish authorized users from non-authorized.

__________________
Regards,
Anton
Back to Top View Anton's Profile Search for other posts by Anton
 
howardoates
Newbie
Newbie


Joined: 03 March 2010
Location: United Kingdom
Online Status: Offline
Posts: 4
Posted: 08 March 2010 at 6:49am | IP Logged Quote howardoates

In the CMS (umbraco) the user is assigned to a group upon registration automatically if they select the "subscirbe" option. They can also subscribe 'post registration' via their myAccount section, including a paid option for additional content.

There are two tiers of group, one free (reg only) and one for paid Both groups allow them to browse a docuements section to view files. The pages are secure and check if the user belongs to the group for authorization. I hope that helps and thanks for your time!
Back to Top View howardoates's Profile Search for other posts by howardoates Visit howardoates's Homepage
 
Anton
Admin Group
Admin Group


Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 10520
Posted: 09 March 2010 at 9:28am | IP Logged Quote Anton
Ok, i see the idea.
But i'm afraid it's beyond the capabilities of ISAPI_Rewrite.

__________________
Regards,
Anton
Back to Top View Anton's Profile Search for other posts by Anton
 
howardoates
Newbie
Newbie


Joined: 03 March 2010
Location: United Kingdom
Online Status: Offline
Posts: 4
Posted: 09 March 2010 at 11:04am | IP Logged Quote howardoates
Thanks for getting back to me. I have managed to restrict access to the files
by the ISAPI code redirecting to a login by using the rewriteCond: referrer
(pecified as the authorized download page only). All i need to do is stop
directly typed URL's, is there any way to achieve this as the referrer does not
seem to work. I thought if you directly type a URL it is not referred from the
download page so, theoretically should return false and ISAPI would redirect
to the login page. I am i on the wrong track here? thanks!
Back to Top View howardoates's Profile Search for other posts by howardoates Visit howardoates's Homepage
 
Anton
Admin Group
Admin Group


Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 10520
Posted: 10 March 2010 at 1:42am | IP Logged Quote Anton
"I thought if you directly type a URL it is not referred from the download page so, theoretically should return false and ISAPI would
redirect to the login page."
- it's not actually this way because some browsers (e.g. IE) do not set Referer header, so it'll be empty anyway...

__________________
Regards,
Anton
Back to Top View Anton's Profile Search for other posts by Anton
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum