At 10:23 PM 10/26/01, Ervin Tarkhanian wrote: >I need to restrict access to all Real media files & Windows Media on a site. > > >RedirectMatch .*.ram http://www.domain.com/novideo.html >RedirectMatch .*.rm http://www.domain.com/novideo.html >RedirectMatch .*.asx http://www.domain.com/novideo.html >RedirectMatch .*.asf http://www.domain.com/novideo.html
Don't forget .wmv, .wma, .wax, .wvx, and .wm for Windows Media. For Real, you might want to include .smi, .smil, .ra, .rmm, .rt, .rmj, .rms, and .rp . Those are all the Windows Media- and RealPlayer-specific extensions listed in the programs' Open dialogs. Of course, restricting access by file extension doesn't provide any real security, as user agents pay attention only to MIME types. A Webmaster can assign any MIME type to any file extension in their .htaccess file or with a two-line CGI/PHP script that writes the header then echoes the file. Therefore, you might be better off to restrict by MIME type rather than file extension, although I don't think this will get around the CGI/PHP possibility (haven't tried). Do you care about QuickTime? -------------------------------------------------------------------------- Ted Behling, Web Application Developer - Monarch Information Systems, Inc. 43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434 E-mail: mailto:[EMAIL PROTECTED] Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894 Cell Phone (urgent issues): 843-816-7895 Cell Phone E-mail: mailto:[EMAIL PROTECTED] (116 letter limit) Web site: http://www.MonarchIS.net -------------------------------------------------------------------------- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
