rejetto forum

Question about "Files filter"

Hardy · 10 · 3955

0 Members and 1 Guest are viewing this topic.

Offline Hardy

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
Hello.
I am using HFS as FastDownload for game servers, and i have question:
Is there any way to whitelist file extensions, which users can download?
For example: i need to allow access only for *.bsp and such files, but need to restrict access to *.cfg and *.lua.
I tried to set up files filter like that:
*.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;*.vvd;*.phy;*.vmt;*.vtf;*.ain;*.pcf;*.ttf;*.dua;*.dat;*.ztmp;\*.lua;\*.dll;\*.txt
But i still can download any file, if i know full path to it (i disabled file browsing)
How to fix that? And is there any whitelist feature, to make "files filter" act like whitelist, restricting access to other file types?
Thanks in advance.

Running 2.3 beta, build 279
« Last Edit: April 11, 2012, 11:19:04 AM by Hardy »


Offline Hardy

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
I even tried it like that:
\*.lua;*.dll;*.txt
and like that:
\*.lua;\*.dll;\*.txt
but it's still totally ignoring that field, allowing some skilled person to download valuable configs and scripts from my server. Help!


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2056
    • View Profile
with this filter of files, you can make two choice

hide all files except :   *.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;.....      without the \   

view all files except : \*.lua;*.dll;*.txt;*.cfg ...    with one \ at first

there are only the two syntax


Offline Hardy

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
So, there is no way to restrict download for certain file types? Only hide them?
Because all FastDL folders is marked for "Recursively hidden" anyway, but person who knows full path to file can still download it. That's why i need that kind of restrictions.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2056
    • View Profile
The alternative is to create a virtual directory and add all the files that can be downloaded,  as virtual in this folder, then new files will be added individually to the virtual list.


Offline Hardy

  • Occasional poster
  • *
    • Posts: 5
    • View Profile
No, it's not alternative for me, cause sometimes i'm adding gigatons of content, and adding each file manually...
Anyway, i found a solution - eventscripts:

[+download]
{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}

Thank you for your help


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2056
    • View Profile

Offline raybob

  • Tireless poster
  • ****
    • Posts: 454
    • View Profile
    • FileSplat.com
I think Events would have been the way to go from the start.  Why use something that's pre-programmed when you can control it yourself?   ;)


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2056
    • View Profile
macros and events are a step to which I contributed a lot, but when we seek safety, it is best to use what is available in the exe, because the customized template and event files are volatile and that the slightest conception error may leave your website without protection

the best choice will depend on the level of security and portability, because in this case with an event, it is the entire VFS is locked for these files and not only one directory.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13440
    • View Profile
{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}

try a single {.match|*.txt;*.cfg;*.lua;*.dll;*.so|%url%.}