protect from stealing links

E

eyal_p

Guppy
Hi all, anyone have a clue how can i protect files i'm offering to download? i mean that they will be able to be downloaded only from within my site and not if someone is puting the link to my files in another site/forum........i can make password protected folders if it helps....anyone got a clue?

oh...and please dont tell me to use htaccess.....it's a windows server and anyway i can't do it...
 
Thanks for your help man :) , but i dont think you understood what i need...when i put a file on my page that people can download, lets say my file is file.zip then no metter what i do, even if i'll put the link to a page.asp and in this page i'll put response.redirect to my real file's address then on the download window or in any download manager software then this link is visible so people can just put that link in other sites and then the file is available to download from this link....i want the file will be able to be accesed from my site only....maybe you have any idea? 8o
 
eyal_p said:
Thanks for your help man :) , but i dont think you understood what i need...when i put a file on my page that people can download, lets say my file is file.zip then no metter what i do, even if i'll put the link to a page.asp and in this page i'll put response.redirect to my real file's address then on the download window or in any download manager software then this link is visible so people can just put that link in other sites and then the file is available to download from this link....i want the file will be able to be accesed from my site only....maybe you have any idea? 8o
Click to expand...
Not sure what the equivalent is in ASP or PHP but using ColdFusion's CFHeader and CFContent tag you can reference to a .cfm page for downloading and then have the .CFM page literally push the file out as opposed to redirecting to it.

It's all in the headers and how the browser sees it.

Here's a link with an example:
http://mysecretbase.com/How_To_Display_Protected_Files.cfm

You may not be on a CF-Enabled server so this may not be the final solution for you but this is the concept you want to try and replicate in ASP or PHP.

Hatton
 
The planet-source-code.com page seems down at the moment, but as Hatton mentions you will want a script that pushes the downloadable content instead of redirecting to it. That way you can put the actual source file outside the HTTP accessible directory, or inside a password protected subdirectory.

I'm not sure where I got this code, but it works like a charm. All you have to do to actually protect the file is to check the Referer with Request.ServerVariables("HTTP_REFERER").

Code: 
<%
' Settings
FileSource = Server.MapPath("protected_dir/sourcefile.dat")
FileName = "desiredfilename.dat"
ContentType = "application/octet-stream"
Const BlockSize = 100000
Const AsDownload = True

' Get File Size
Set fso = CreateObject("Scripting.FileSystemObject")
Set fileObject = fso.GetFile(FileSource)
FileSize = fileObject.Size
Set fso = Nothing

' Header and Cache
Response.Expires = 0
Response.Buffer = True
Response.ContentType = ContentType
Response.AddHeader "Accept-Ranges", "bytes"
If AsDownload Then Response.AddHeader "Content-Disposition", "attachment; filename=" & FileName
Response.AddHeader "Content-Length", FileSize
Response.Flush

' Open ADODB stream to get chunks of file
Set BinaryStream = Server.CreateObject("ADODB.Stream")
BinaryStream.Open
BinaryStream.Type = 1 ' Binary
BinaryStream.LoadFromFile(FileSource)

' Send data
FileSent = 0
While FileSent + BlockSize < FileSize
	Response.BinaryWrite BinaryStream.Read(BlockSize)
	FileSent = FileSent + BlockSize
	Response.Flush
Wend
Response.BinaryWrite BinaryStream.Read(FileSize - FileSent)

Set BinaryStream = Nothing
%>

I wouldn't say this would make external linking absolutely impossible, but at least it would be very difficult. Also browsers are not required to include Referer information, though all the common ones do :)
 
You must log in or register to reply here.
Back
Top