rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: tailsheep on January 08, 2014, 09:42:44 AM
-
I've been puzzled by what should be entered in the "Allowed Referer" field to make it work.
Is there a format?
For example, if my website is http://www.xxx.com, what shall be entered into this field to prevent hotlinking?
-
I've been puzzled by what should be entered in the "Allowed Referer" field to make it work.
Is there a format?
For example, if my website is http://www.xxx.com, what shall be entered into this field to prevent hotlinking?
I've checked along the update logs of previous builds and noticed that in #135 build, the "allowed referer" option has been changed to always accept hfs itself as the referer, and the only way for this referer limit to work is by having a username/password.
http://www.rejetto.com/forum/beta/testing-build-135/ (http://www.rejetto.com/forum/beta/testing-build-135/)
http://www.rejetto.com/forum/beta/testing-build-136/msg1027570/#msg1027570 (http://www.rejetto.com/forum/beta/testing-build-136/msg1027570/#msg1027570)
So does this mean that for the lastest build people can directly download my files by entering the url of my files even though I've set the "allowed referer"?
Actually I have a website on another server, and I would like to use hfs purely as the file server; I would like people to login my website first instead of just downloading my files directly from my file server. So is there way that can help me achieve this if the "allowed referer" is not the ideal answer?
-
the only way for this referer limit to work is by having a username/password.
this is not true. The two features are not related at all.
So does this mean that for the lastest build people can directly download my files by entering the url of my files even though I've set the "allowed referer"?
mmm, no.
That option is not well designed maybe, but it is supposed to be working.
Actually I have a website on another server, and I would like to use hfs purely as the file server; I would like people to login my website first instead of just downloading my files directly from my file server. So is there way that can help me achieve this if the "allowed referer" is not the ideal answer?
did you try to enter your web server address as value for "allowed referer"?
You can also try reading the documentation
http://www.rejetto.com/wiki/index.php?title=HFS:_Main_menu
-
this is not true. The two features are not related at all.
mmm, no.
That option is not well designed maybe, but it is supposed to be working.
did you try to enter your web server address as value for "allowed referer"?
Thanks for your reply!!
I've found a workaround by using event scripts! Thanks for the new feature!!
Here's my solution:
[download]
{.if not |{.header|Referer.}|{:{.disconnect.}:}.}
Since I noticed that by entering the url directly, the http request wouldn't have a referer at all. So with this script I can disconnect people if their request comes with no referer!!
Finally got it done!!
---------------------------------------------
Actually I've been trying to use different builds to test this "allowed referer" and found that hfs2.2f behaved differently from hfs2.3.
With the "allowed referer" set, the 2.2 build allows direct url accessing but blocks directory browsing (for example, it blocks "http://192.168.10.10/", but it won't for "http://192.168.10.10/file.jpg"), while 2.3 allows both.
So maybe you would like to check if this is a bug?
Anyway, thanks for the great software!! Love it!!!!!!!!!!! (though I've been upset by this problem for the past few days, ;) ;D ;D)
-
you mean it should block the browsing too?
-
you mean it should block the browsing too?
No.
I am just curious about why do the two builds behave in different ways.
-
because over time i can change my mind. You can call it "learning" :)