I own a website which contain a lot of freeware stuff to download on it. The problem I\'m facing is that people from around the world are taking the direct links of the fil
Don't provide a direct link to the file you are serving. Provide a script that sends the content through the script once you hit the submit button.
Do a web search for sending files through cgi.
Here is a neat link I found online: here
I'm not at all a web expert, but I was thinking about the following pointer -
if you're using asp.net could http handlers or modules configured at the web site level help (lot's of information on those on the web, I looked it up recently for some work, here's one article for example.
The idea is to intercept the request before it reaches the target file and redirect it to the page you wish to show; for example - if someone wishes to browse to the url you've posted ("http://sy-stu.org/stu/PublicFiles/StdLibrary/Exam.zip") intercept this call,use some lookup to find the page you wish to display and redirect the request there;I'm guessing users following a link won't be too annoyed (unless they have done "save target as", which would result them saving some HTML and not ZIP).
However, there's some "hole" in my plan - how do you actually provide a link that works from your own page? I believe you can differentiate between requests coming from your web site and ones coming from others' which you could check on the handler/module by examining the request object.
If you are using PHP, you can have a script that links the user to the download but only if the $_SERVER['HTTP_REFERER']
is from your site. If it is not you redirect to your site.
Your site is hosted by an Apache web server, so you should be able to do the following in your site's httpd.conf (or virtual host block)
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/ [NC]
RewriteRule ^/PublicFiles/ /page-about-direct-links.html
That is basically saying:
More information on mod_rewrite can be found here: mod_rewrite - Apache HTTP Server
Why not just make the links dynamic and indirect, for example:
on page X: (static)
<a href="Y">SuperNeat Program</a>
on page Y: (dynamically generated)
Click here to download
<a href="Z.php?timestamp={timestamp}&counter={counter}&hash={hash}">
SuperNeat Program</a>
and replace timestamp w/ the current time in msec since 1970, counter = a counter that you increment once per download, hash = MD5 hash of concatenate(timestamp,counter,secret salt) where secret salt = any favorite code you keep secret.
Then on page Z.php, you just recalculate the hash from the counter and timestamp in the query string, check that it matches the hash in the query string, and that the timestamp is recent (e.g. from the previous 30 minutes or 60 minutes or whatever). If it is, then serve the file in question. If it isn't, throw an error message. This gives someone only a brief time period to direct-link to your file. If you don't even want that, then keep track of the counter values received in the Z.php query string and don't accept them more than once.