| Author |
|
zhousu
Newbie
Joined: 11 September 2007
Online Status: Offline
Posts: 9
|
| Posted: 01 August 2011 at 11:27am | IP Logged
|
|
|
hotlink_module use digit only file name, DOES NOT WORK
e.g. http://127.0.0.1/mp3/20111/123456789.mp3
with a letter, works
e.g. http://127.0.0.1/mp3/20111/a123456789.mp3
----------------------------------------
rules below
SetEnv mod_hotlink
HotlinkExpires 1800
HotlinkSignature 0433343675675675
HotlinkProtect /mp3 [Redirect]
Edited by zhousu - 01 August 2011 at 11:27am
|
| Back to Top |
|
| |
Vyacheslav
Admin Group
Joined: 02 July 2008
Location: Ukraine
Online Status: Offline
Posts: 1542
|
| Posted: 02 August 2011 at 3:08am | IP Logged
|
|
|
Hello.
Please enable only the following code:
Code:
| HotlinkProtect /mp3 [Redirect] |
|
|
and make 2 requests to each variant, using WFetch tool: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21625
In those two requests, one should include Referer header and the other one shouldn’t.
When it works you should see redirection in case when the Referer header is set.
__________________
Slavik Shynkarenko,
Helicon Tech.
|
| Back to Top |
|
| |
zhousu
Newbie
Joined: 11 September 2007
Online Status: Offline
Posts: 9
|
| Posted: 02 August 2011 at 9:40am | IP Logged
|
|
|
Hi Vyacheslav
I carefully test it again, it's a bug. when the file name is 16 chars, the same length as HotlinkBlocker Signature(23d8112b8dfe00bb)
e.g. http://127.0.0.1/mp3/20111/1234567890123456.mp3 not working
e.g. http://127.0.0.1/mp3/20111/abc1234567890123.mp3 not working
second bug:
if you send a request to http://127.0.0.1/mp3/20111/123456789.mp3
APE will set a cookie with HotlinkBlocker Signature,
user can use the cookie value easily change the url
http://127.0.0.1/mp3/20111/123456789.mp3
to
http://127.0.0.1/mp3/20111/xxxxxxxxxx/123456789.mp3
make HotlinkBlocker useless.
-------------------------------------------------------------------
GET /mp3/20111/123456789.mp3 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
HTTP/1.1 403 Forbidden
Content-Type: text/html
Location: /mp3/20111/123456789.mp3
Server: Microsoft-IIS/7.5
Set-Cookie: HotlinkBlocker=f773b43fc4dc57fb; expires=Tue, 02-Aug-2011 15:03:17 GMT; path=/
Date: Tue, 02 Aug 2011 14:33:16 GMT
Content-Length: 1157
Edited by zhousu - 02 August 2011 at 9:46am
|
| Back to Top |
|
| |
Vyacheslav
Admin Group
Joined: 02 July 2008
Location: Ukraine
Online Status: Offline
Posts: 1542
|
| Posted: 03 August 2011 at 10:19am | IP Logged
|
|
|
Hello.
We’re working on a fix.
Thank you for your feedback.
__________________
Slavik Shynkarenko,
Helicon Tech.
|
| Back to Top |
|
| |
zhousu
Newbie
Joined: 11 September 2007
Online Status: Offline
Posts: 9
|
| Posted: 04 August 2011 at 9:17am | IP Logged
|
|
|
HotlinkBlocker Cookie problem hasn't fixed.
|
| Back to Top |
|
| |
Vyacheslav
Admin Group
Joined: 02 July 2008
Location: Ukraine
Online Status: Offline
Posts: 1542
|
| Posted: 05 August 2011 at 5:51am | IP Logged
|
|
|
Hello.
Cookie doesn’t guarantee access to the file. If another web-client uses same cookie, most likely it will get new cookie (depends on “expires” value). You can use HotlinkExpires directive to set when the cookie should expire.
__________________
Slavik Shynkarenko,
Helicon Tech.
|
| Back to Top |
|
| |
Helicon Tech : Helicon Ape
Topic: hotlink_module bug
Active Topics
Memberlist
Help
Register
Login