BizLab Posted July 15, 2011 Share Posted July 15, 2011 In trying to block the un-authorized download of MP3 files on the development version of a new client site. I successfully blocked external access to the files with the following code, placed directly in the directory containing the MP3s - and it worked. The MP3s played in the flash player and were denied access via direct cURL. GREAT! Order Deny,Allow Deny from all Allow from dev.bizlab.us Now, since there will be multiple artists on the site, i wanted to localize the deny directive to the main htaccess file. i decided to change the directive to deny all MP3 files by type using the FilesMatch regex (the syntax is correct - see below). This statement was placed in the htaccess in the document root to allow control over all directories. #block downloads of MP3 files <FilesMatch "\.(swf|mp3)$"> Order Deny,Allow Deny from all Allow from dev.bizlab.us </FilesMatch> When i ran this directive, all the MP3s were blocked from inside and outside the site. Now the kicker... i reverted back to the original directive in the directory holding the MP3 files and the they where still blocked... everywhere.. the only way to return the MP3 files (to functioning) was to remove all htaccess deny directives. 1. this is not a cache issue. The browser history and cache was cleared and closed on each attempt 2. i have no idea.. but this development version of the site is on my server's sub domain (problem here?) 3. this is a basic network solutions shared server running apache 2x Link to site (i will be messing with this today, so it may or may not work when you arrive. i will mark this as "solved" if it is indeed fixed http://dev.bizlab.us/bocmusic/artists/nilogy/index.php Quote Link to comment https://forums.phpfreaks.com/topic/242056-htaccess-denyallow-once-worked-now-fails/ Share on other sites More sharing options...
premiso Posted July 15, 2011 Share Posted July 15, 2011 Try this: SetEnvIf Referer dev.bizlab.us internal # <Files "\.(swf|mp3)$"> order Deny,allow Deny from all allow from env=internal </Files> Quote Link to comment https://forums.phpfreaks.com/topic/242056-htaccess-denyallow-once-worked-now-fails/#findComment-1243080 Share on other sites More sharing options...
BizLab Posted July 15, 2011 Author Share Posted July 15, 2011 Ok, trying your code, the deny worked after i escaped the "." (as in the apache docs) but the allow statement continues to fail. SetEnvIf Referer dev\.bizlab\.us internal <FilesMatch "\.mp3$"> Order Deny,allow Deny from all allow from env=internal </FilesMatch> // provides the same output as <Files ~ "\.mp3$"> Order Deny,allow Deny from all allow from env=internal </Files> this is a direct link to a sample MP3 file, which should be blocked (and it is when the .htaccess is in place) http://dev.bizlab.us/bocmusic/artists/nilogy/music/albums/shattered/your-grace.mp3 however, the MP3 file should now be available in the music player here http://dev.bizlab.us/bocmusic/artists/nilogy/index.php but isn't. Notice I dropped the "or" statement from the condition. The strange part was that when we had (swf|mp3) as the file type, the SWF file was made available to the local system, and the MP3 files were still denied.. Quote Link to comment https://forums.phpfreaks.com/topic/242056-htaccess-denyallow-once-worked-now-fails/#findComment-1243094 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.