Jump to content
phpsane

How To Prevent Downloads With Php?

Recommended Posts

 

Php Guys,

 

Are you aware of any function or method where I can prevent downloads ?

Imagine a page with a lot of links. Like: links to pages and links to imgs or links to downloads.

Now, imagine I fetched that page with curl and the user is viewing the links present on the page.

 

Q1a. Now, if I were to prevent any downloads from the download links. How would I do it ?

Q1b -. Any php function that manages this prevention ?

Q1b - If not, then any workarounds you can think of ? I'm thinking of str_replacing the download links so they no longer showup as download links but as something else such as nothing.

 

Q2a. How would you get your cURL script to spot a download link and get it to not appear on your user's screen ?

Q2b. Would you get the script to check for the file extension that would reveal if it's a viewable file (html page, img file, etc.) or a downloading file ?

Q2c. What are the long list of download file extensions ?

 

 

When I cURL fetch or build my own web proxy or build my crawler, have to make sure they ignore download links. :)

Edited by phpsane

Share this post


Link to post
Share on other sites

It is impossible. There is no technical difference between viewing a page in a browser and the user downloading the page. If you don't want anyone to download a page then you can't let them browse it either.

Share this post


Link to post
Share on other sites

Req,

 

How do browsers or web proxies in a lan prevent downloads then when you try downloading onto your office computer ?

Also, when you click a download link, it does not get viewed on the browser. It downloads on your hdd and then you have to click and view from there such as .exe softwares, pdf files, video clips, etc.

Is it not true that, you can't directly view a video file on your browser (unless it is a streaming file) without downloading the file first and opening it on your video player ?

With audio files, I think the story is different. Or is it the same ?

I only have one lead on how to spot a downloadable link and deal with it.

Check the file extension on the link. If it's a compressed file (.rar, .zip) then most likely a downloadable item. 

If it's an audio or video file then again most likely a downloadable item.

(Maybe web proxies use either of these 2 methods to spot a downloadable link and prevent the download based on the admin's settings?).

 

Alternatively, I can get the php script to check the file extensions for streaming audio/video files. If they're streaming files then don't prevent them. Else, do.

But, I need more leads like this.

Thinking of changing the downloadable link's extensions as that way, the user clicking it on his browser would yield him no results (downloads).

Edited by phpsane

Share this post


Link to post
Share on other sites

Obviously a browser can block a download. Obviously. A proxy can too because it sits between your computer and the remote server, so anything being downloaded has to go through the proxy first.

 

> Also, when you click a download link, it does not get viewed on the browser. It downloads on your hdd

Because the remote server suggested that happen and the browser decided to do it.

 

> Is it not true that,

It is true that viewing a video requires downloading whatever part is being watched.

 

> With audio files, I think the story is different. Or is it the same ?

Same. Same with any resource at all: to view, listen, watch, whatever, the computer has to download it.

 

> Check the file extension on the link.

That's very limited but likely correct.

 

> If it's an audio or video file

If it's any file. Anything at all. Every response from a web server is a download. It doesn't matter what the resource is, whether it's a video or image or music or HTML page, every single thing is a download. When the average Joe says "download" they probably mean getting a file onto their computer, but technically speaking everything is a download.

Share this post


Link to post
Share on other sites

Obviously a browser can block a download. Obviously. A proxy can too because it sits between your computer and the remote server, so anything being downloaded has to go through the proxy first.

 

> Also, when you click a download link, it does not get viewed on the browser. It downloads on your hdd

Because the remote server suggested that happen and the browser decided to do it.

 

> Is it not true that,

It is true that viewing a video requires downloading whatever part is being watched.

 

> With audio files, I think the story is different. Or is it the same ?

Same. Same with any resource at all: to view, listen, watch, whatever, the computer has to download it.

 

> Check the file extension on the link.

That's very limited but likely correct.

 

> If it's an audio or video file

If it's any file. Anything at all. Every response from a web server is a download. It doesn't matter what the resource is, whether it's a video or image or music or HTML page, every single thing is a download. When the average Joe says "download" they probably mean getting a file onto their computer, but technically speaking everything is a download.

 

Don't worry. I know these basics. I'll tell you what I know so you guys won't have to repeat anything I already know.

Hell, our forum profiles should ask us some basic techie questions so other members can give us responses based on our intelligence level. You know what, I'm gonna add this feature onto my own forum, when I build one very soon. ;)

 

I know the difference between an interpreter (interprets codes on the fly: php, perl cgi, python, ruby, etc.) a compiler (does not interpret on the fly and is faster: c, c++, c#, maybe java, basic, liberty basic, fortran, cobol and what not).

Difference between a low level lang (machine code ones & zeros, assembly lang) med level lang ( c, c++, c#, maybe java), high level lang (basic, liberty basic, fortran, cobol and what not). Actually, you guys won't agree to a mid level lang. To you, the mid & high ones I listed are all high level langs.

 

I know how the dns system works. Was aware of the alternate name spaces back in early 2002 or so. Wanted have my own name space so I can create my own told such as:

 

.brand

.phpfreaks (brand name tld)

.sedopati (first name tld, surname tld, family name tld/lineage name tld)

 

But quit the venture as was too security risky.

 

Have built my own .exe tools (using gui tool).

Know a little php 5 & css. First learnt html back in late 90's.

 

And now, with php gonna build my own web proxy, searchengine, forum, social network, etc.

Adding a filter onto an existing web proxy is the beginning. :)

 

 

 

 

.

Share this post


Link to post
Share on other sites
Guys,

 

What line of code would you write on a web proxy's php to prevent a visitor from downloading anything onto their hdd ?

Consider a page with this content:

 

To view full details of tool, click here: description.html

To download std trial, click here: sedopati-tool.rar

To download pro trial, click here: jinergm-tool.exe

 

As you can see clearly, the last 2 links are downloadable links. Meaning you cannot view them on your browser.

And just how did you figure which ones are downloadable links ? By looking at the link extensions. I reckon web browsers use the same method to understand which is a viewable file (eg. html file) and which is a downloadable file. I am thinking of adding php code so the web proxy can figure-out which link is a viewable link and which a download link and deal with the download link promptly so the proxy user cannot download from the link. Prevent the download.

Now, the big question is: How would you guys prevent the download ?

My little php intelligence tells me to write code with str_replace to replace the extensions of files that are downloadable.

And the user's browser won't know or the web proxy won't know what to do with such "extension changed links" and so won't download them.

I can change these:

 


To download std trial, click here: sedopati-tool.rar

To download pro trial, click here: jinergm-tool.exe

 

To these:

 


To download std trial, click here: sedopati-tool.sdfsdf

To download pro trial, click here: jinergm-tool.sfsfsdf

 



However, a clever user (like Sedopati) might just copy the "sedopati-tool.sdfsdf" to his browser (url typing field) and replace the ".sdfsdf" with ".rar" (he can always try a variety of download extensions to guess the extension) and hit the ENTER button on his browser and the download would start. He'd bypass my filter. And so, how to prevent this ?

In this case, would you write a line of code to see if the url contains the downloadable extensions (.rar, .exe, etc.) and get the script to halt somehow ? I have a hunch how to do this. But I need feedback from pros if that is the way to go or not.

How would you guys prevent the downloads? What method would you use if you were writing your own web proxy or adding a filter (like I am trying to do here) on a web proxy that does not have a download filter ?

Maybe, best way to do things is to erase the whole links altogether. From this:

 


To download std trial, click here: sedopati-tool.rar

To download pro trial, click here: jinergm-tool.exe

 

To this:

 


To download std trial, click here: DOWNLOADS NOT ALLOWED!

To download pro trial, click here: DOWNLOADS NOT ALLOWED!

 

That way, the user never gets the file names. Because, if he gets the file names then all he has to do is change the gibberish extension to "rar", "zip", "exe" and the download would start.

Anyway, how would you foil downloads ?

And, what is the regex to spot links that have the following on their extensions ?

 

.exe

.rar

.zip

 

PS - Jinergm & Sedopati, excuse me for using your Usernames in my file examples. :)



 

Thanks!

Edited by phpsane

Share this post


Link to post
Share on other sites

We don't have a "jinergm" member.

 

> What line of code would you write on a web proxy's php to prevent a visitor from downloading anything onto their hdd ?

I wouldn't because I recognize that anything I'll come up with can be circumvented.

Share this post


Link to post
Share on other sites

We don't have a "jinergm" member.

 

> What line of code would you write on a web proxy's php to prevent a visitor from downloading anything onto their hdd ?

I wouldn't because I recognize that anything I'll come up with can be circumvented.

 

Oops! I keep getting it the wrong way round. It's Ginerjm is not it! Anyway, I did ask him if I can call him Ginger Man instead as it's easier to remember to write the "G" first.

As for anything you try becoming circumvented. Try some tactics here. Because, it might give me some good ideas of my own which won't get circumvented and which you overlooked. I'm quite good at it when it comes to build something of your own from others' ideas/ Something they overlooked.

Plus, your ideas would be a good learning curve or the newbies. :)

Share this post


Link to post
Share on other sites

> it might give me some good ideas of my own which won't get circumvented

This isn't a matter of creativity or cleverness. This is a matter of technical behavior. Behavior that you have demonstrated you do not understand.

 

If your proxy thing lets any response through then that response can be used as a download. Thus to block all downloads you must block all responses. Which isn't an option.

 

You might as well ask me for a way to prevent your users from eating while using your app. Do you at least understand why that's not possible?

Share this post


Link to post
Share on other sites

> it might give me some good ideas of my own which won't get circumvented

This isn't a matter of creativity or cleverness. This is a matter of technical behavior. Behavior that you have demonstrated you do not understand.

 

If your proxy thing lets any response through then that response can be used as a download. Thus to block all downloads you must block all responses. Which isn't an option.

 

You might as well ask me for a way to prevent your users from eating while using your app. Do you at least understand why that's not possible?

 

 
W-ell, w-e can alw-ays- sh-ow- them so-me filthy pics that will put them off from eating. Dog sh*-t. Lol!
I understand what you mean. You're saying both the page view and the file downloads use the same http or whatever protocol and not separate. had they been separate then it would have been easier to sort this out by blocking the downloader protocol.
But that does not explain how some systems prevent downloads while you're able to still view webpages. I am sure I came across this once upon a time.
Oh well, I get back to searching for a complete list of file extensions and then do the str_replace method I mentioned above on files that are downloadable (.rar, .zip, .mov, .wmp, etc.) as I can't think of anything better than this method to prevent the file down-loads.
Edited by phpsane

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.