The best way to make sure other servers do not steal your bandwidth with sv_downloadurl is to only allow people to download files that recently connected to the server. (Say, with 20 minutes or so).
A plug-in could be made to do this, when a client connects, put their IP address in a database, and when the client connects to the sv_downloadurl website, it checks if the IP address is in the database and if it is, allows them to download the resources. Not using the sv_downloadurl because some clown is trying to steal your bandwidth is not an alternative. Another way that it could be done, is for valve to set the http referrer to the IP address of the server, and have a script make sure the referrer is the server or is on a list of servers. But that requires valve to do it, so I think the plug-in idea might be a better solution. - voogru. -----Original Message----- From: m0gely [mailto:[EMAIL PROTECTED] Sent: Monday, June 06, 2005 10:48 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Richard Nelson wrote: > Hiding the cvar is not useful. If someone really wants to steal your > bandwidth, they can use some external tool to see where the requests > are going, so while it may stop the average player it won't stop > anyone who actually wants to do this. No, but it will stop *a lot* of other people. > Security through obscurity isn't > usually a Good Idea. As with any layer of security, 'one' alone isn't a good idea. But this is only one, and it's not bad idea at all. > I would say people with only FTP access should > be allowed to use .htaccess The last several posts tried to explain why .htaccess has nothing to offer in this subject. Protecting the server from itself doesn't help anyone. -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds