[Resolved] htaccess

CookieDoh

I have a "members only" section that is protected with session variables. Inside this members area are some SWF's. My trouble is if people type in the direct location of that SWF they can download it. I've been searching for a way to prevent this and I came across htaccess wrapping.

Trying to do this:

AddHandler secured .swf
Action secured secure.php

and secure.php would do some stuff to check sessions and redirect if not present. I keep getting an error "Client sent malformed Host header"

What am I doing wrong
Is there a better way to do this?

PS: I contemplated doing this with flash and loadvariables, but I also have some FLV video that I need to protect.

bradgrafelman

Can you give us details about your site? (i.e. full address, details about how the webserver is set up)

I've been reading articles about this, and keep comming across this error when an underscore is used in the hostname.

CookieDoh

php_info() at http://mtidev.com/test/test.php

error at http://mtidev.com/test/sample.html

Do you think this is the correct way to do this? I also tried:

<Files test.swf>
order allow,deny
deny from all
</Files>

but then I couldn't embed the SWF

devinemke

Originally posted by CookieDoh
Is there a better way to do this?

yes, store the files outside of the document root and server them up via [man]header[/man].

CookieDoh

Sorry, can you explain that a little more? Do you mean like using readfile or content-disposition somehow?

bradgrafelman

Right.

If you're doing SWF movies, then the 'EMBED src' (or object, however you insert the SWF) would point to your script, like "EMBED src='myscript.php?movieid=3'" and you could use [man]readfile/man in your script to find the appropriate file and display it.

CookieDoh

works good! ..cept for one little hitch. The FLV video. That is called from inside the SWF on the client side. Anybody know of a way to block direct downloading of that but still be able to load it from inside the SWF?

I guess I could set the FLV src up in the swf to point to a php file with readfile(), however it would be a lot easier if I didn't have to edit all of the videos.theoritcally shouldn't I be able to do it with what I was first trying, a wrapper? so that if the FLV is called it redirects to a php file that does a session check and then does readfile?

If not I can live with it, thanks for the help so far!

mtmosier

When using the Action line in .htaccess you have to give it the full path to the php file, relative to the document root. So something like:

AddHandler secured .swf
Action secured /myfiles/secure.php

CookieDoh

All set! Thanks for the help guys. I was able to get addHandler to work thanx to that last post.