rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Hardy on April 11, 2012, 11:13:41 AM

Title: Question about "Files filter"
Post by: Hardy on April 11, 2012, 11:13:41 AM

Hello.
I am using HFS as FastDownload for game servers, and i have question:
Is there any way to whitelist file extensions, which users can download?
For example: i need to allow access only for *.bsp and such files, but need to restrict access to *.cfg and *.lua.
I tried to set up files filter like that:
*.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;*.vvd;*.phy;*.vmt;*.vtf;*.ain;*.pcf;*.ttf;*.dua;*.dat;*.ztmp;\*.lua;\*.dll;\*.txt
But i still can download any file, if i know full path to it (i disabled file browsing)
How to fix that? And is there any whitelist feature, to make "files filter" act like whitelist, restricting access to other file types?
Thanks in advance.

Running 2.3 beta, build 279

Title: Re: Question about "Files filter"
Post by: Hardy on April 11, 2012, 11:25:46 AM

I even tried it like that:
\*.lua;*.dll;*.txt
and like that:
\*.lua;\*.dll;\*.txt
but it's still totally ignoring that field, allowing some skilled person to download valuable configs and scripts from my server. Help!

Title: Re: Question about "Files filter"
Post by: Mars on April 11, 2012, 11:33:05 AM

with this filter of files, you can make two choice

hide all files except :   *.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;.....      without the \   

view all files except : \*.lua;*.dll;*.txt;*.cfg ...    with one \ at first

there are only the two syntax

Title: Re: Question about "Files filter"
Post by: Hardy on April 11, 2012, 11:34:04 AM

So, there is no way to restrict download for certain file types? Only hide them?
Because all FastDL folders is marked for "Recursively hidden" anyway, but person who knows full path to file can still download it. That's why i need that kind of restrictions.

Title: Re: Question about "Files filter"
Post by: Mars on April 11, 2012, 12:10:06 PM

The alternative is to create a virtual directory and add all the files that can be downloaded,  as virtual in this folder, then new files will be added individually to the virtual list.

Title: Re: Question about "Files filter"
Post by: Hardy on April 11, 2012, 12:25:45 PM

No, it's not alternative for me, cause sometimes i'm adding gigatons of content, and adding each file manually...
Anyway, i found a solution - eventscripts:

[+download]
{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}

Thank you for your help

Title: Re: Question about "Files filter"
Post by: Mars on April 11, 2012, 12:40:05 PM

think about set the filter to hide these files ;)

Title: Re: Question about "Files filter"
Post by: raybob on April 11, 2012, 03:13:55 PM

I think Events would have been the way to go from the start.  Why use something that's pre-programmed when you can control it yourself?   ;)

Title: Re: Question about "Files filter"
Post by: Mars on April 11, 2012, 04:54:44 PM

macros and events are a step to which I contributed a lot, but when we seek safety, it is best to use what is available in the exe, because the customized template and event files are volatile and that the slightest conception error may leave your website without protection

the best choice will depend on the level of security and portability, because in this case with an event, it is the entire VFS is locked for these files and not only one directory.

Title: Re: Question about "Files filter"
Post by: rejetto on April 15, 2012, 12:53:33 PM

Quote from: Hardy on April 11, 2012, 12:25:45 PM

{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}

try a single {.match|*.txt;*.cfg;*.lua;*.dll;*.so|%url%.}