rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: Hardy on April 11, 2012, 11:13:41 AM
-
Hello.
I am using HFS as FastDownload for game servers, and i have question:
Is there any way to whitelist file extensions, which users can download?
For example: i need to allow access only for *.bsp and such files, but need to restrict access to *.cfg and *.lua.
I tried to set up files filter like that:
*.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;*.vvd;*.phy;*.vmt;*.vtf;*.ain;*.pcf;*.ttf;*.dua;*.dat;*.ztmp;\*.lua;\*.dll;\*.txt
But i still can download any file, if i know full path to it (i disabled file browsing)
How to fix that? And is there any whitelist feature, to make "files filter" act like whitelist, restricting access to other file types?
Thanks in advance.
Running 2.3 beta, build 279
-
I even tried it like that:
\*.lua;*.dll;*.txt
and like that:
\*.lua;\*.dll;\*.txt
but it's still totally ignoring that field, allowing some skilled person to download valuable configs and scripts from my server. Help!
-
with this filter of files, you can make two choice
hide all files except : *.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;..... without the \
view all files except : \*.lua;*.dll;*.txt;*.cfg ... with one \ at first
there are only the two syntax
-
So, there is no way to restrict download for certain file types? Only hide them?
Because all FastDL folders is marked for "Recursively hidden" anyway, but person who knows full path to file can still download it. That's why i need that kind of restrictions.
-
The alternative is to create a virtual directory and add all the files that can be downloaded, as virtual in this folder, then new files will be added individually to the virtual list.
-
No, it's not alternative for me, cause sometimes i'm adding gigatons of content, and adding each file manually...
Anyway, i found a solution - eventscripts:
[+download]
{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}
Thank you for your help
-
think about set the filter to hide these files ;)
-
I think Events would have been the way to go from the start. Why use something that's pre-programmed when you can control it yourself? ;)
-
macros and events are a step to which I contributed a lot, but when we seek safety, it is best to use what is available in the exe, because the customized template and event files are volatile and that the slightest conception error may leave your website without protection
the best choice will depend on the level of security and portability, because in this case with an event, it is the entire VFS is locked for these files and not only one directory.
-
{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}
try a single {.match|*.txt;*.cfg;*.lua;*.dll;*.so|%url%.}