Jump to content

Recommended Posts

In trying to block the un-authorized download of MP3 files on the development version of a new client site. I successfully blocked external access to the files with the following code, placed directly in the directory containing the MP3s - and it worked. The MP3s played in the flash player and were denied access via direct cURL. GREAT!

 

Order Deny,Allow
Deny from all
Allow from dev.bizlab.us

 

Now, since there will be multiple artists on the site, i wanted to localize the deny directive to the main htaccess file. i decided to change the directive to deny all MP3 files by type using the FilesMatch regex (the syntax is correct - see below). This statement was placed in the htaccess in the document root to allow control over all directories.

 

#block downloads of MP3 files
<FilesMatch "\.(swf|mp3)$">
Order Deny,Allow
Deny from all
Allow from dev.bizlab.us
</FilesMatch>

 

When i ran this directive, all the MP3s were blocked from inside and outside the site. Now the kicker... i reverted back to the original directive in the directory holding the MP3 files and the they where still blocked... everywhere.. the only way to return the MP3 files (to functioning) was to remove all htaccess deny directives.

 

1. this is not a cache issue. The browser history and cache was cleared and closed on each attempt

2. i have no idea.. but this development version of the site is on my server's sub domain (problem here?)

3. this is a basic network solutions shared server running apache 2x

 

Link to site (i will be messing with this today, so it may or may not work when you arrive. i will mark this as "solved" if it is indeed fixed

http://dev.bizlab.us/bocmusic/artists/nilogy/index.php

Ok, trying your code, the deny worked after i escaped the "." (as in the apache docs) but the allow statement continues to fail.

 

SetEnvIf Referer dev\.bizlab\.us internal
<FilesMatch "\.mp3$"> 
Order Deny,allow 
Deny from all 
allow from env=internal 
</FilesMatch>

// provides the same output as 

<Files ~ "\.mp3$">
Order Deny,allow 
Deny from all 
allow from env=internal
</Files>

 

this is a direct link to a sample MP3 file, which should be blocked (and it is when the .htaccess is in place)

http://dev.bizlab.us/bocmusic/artists/nilogy/music/albums/shattered/your-grace.mp3

 

however, the MP3 file should now be available in the music player here http://dev.bizlab.us/bocmusic/artists/nilogy/index.php but isn't.

 

Notice I dropped the "or" statement from the condition. The strange part was that when we had (swf|mp3) as the file type, the SWF file was made available to the local system, and the MP3 files were still denied..

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.