2008/10/18 Rick Payton <[EMAIL PROTECTED]>

> After reading through the comments on the linked site, I got to thinking.
> How hard would it be to set up your own "fake" fast download site, and use php
> or something to fake the referrer and redirect your clients to someone else's
> download site? I know it's a stretch, and some work, but we all know there
> are determined enough people out there :(
>
> mauirixxx
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] On Behalf Of Tony Paloma
> Sent: Saturday, October 18, 2008 9:09 AM
> To: 'Half-Life dedicated Win32 server mailing list'
> Subject: Re: [hlds] fast dl abuse
>
> I'm no IIS expert, but this looks promising:
>
> http://mvolo.com/blogs/serverside/archive/2006/11/10/Stopping-hot_2D00_linking-with-IIS-and-ASP.NET.aspx
>
> Found via google search:
> http://www.google.com/search?hl=en&q=iis+hotlinking
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Robert Whelan
> Sent: Saturday, October 18, 2008 6:53 AM
> To: Half-Life dedicated Win32 server mailing list
> Subject: Re: [hlds] fast dl abuse
>
> Would you happen to have an example for us msiis users?
>
>
>
> ----- Original Message ----
> From: Tony Paloma <[EMAIL PROTECTED]>
> To: Half-Life dedicated Win32 server mailing list
> <hlds@list.valvesoftware.com>
> Sent: Saturday, October 18, 2008 1:50:36 AM
> Subject: Re: [hlds] fast dl abuse
>
> Voogru and others have already explained how to do this. I don't know why
> this thread is still going on with speculation about how to do it.
>
> When a game client downloads a file from an sv_downloadurl, it submits as
> the referrer the game server it is connecting to. This is why limiting
> access by referrer works.
>
> With Apache, as mentioned earlier, you can use this script in a htaccess
> file.
>
> SetEnvIfNoCase Referer "^hl2://12\.34\.56\..*" AllowDownload
> Order Deny,Allow
> Allow from env=AllowDownload
> Deny from all
>
> You can insert any regular expression you want to match the referer. This
> one will allow all game servers starting with 12.34.56 to use the download
> URL.
>
> Alternatively, use the script mentioned later.
>
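> RewriteEngine On
> # [OR]: forbid when EITHER the referer or the user agent fails to match
> # (without it the conditions are ANDed and a matching user agent alone passes)
> RewriteCond %{HTTP_REFERER} !^hl2://0.0.0.0: [OR]
> RewriteCond %{HTTP_USER_AGENT} !^Half-Life\ 2$
> RewriteRule ^(.*)$ $1 [F]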
>
> Again, any regular expression should work.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of DontWannaName!
> Sent: Friday, October 17, 2008 8:02 PM
> To: Half-Life dedicated Win32 server mailing list
> Subject: Re: [hlds] fast dl abuse
>
> What if it's more than one game server people are downloading from...
>
>
> ----- Original Message ----
> From: Rick Payton <[EMAIL PROTECTED]>
> To: Half-Life dedicated Win32 server mailing list
> <hlds@list.valvesoftware.com>
> Sent: Friday, October 17, 2008 5:58:23 PM
> Subject: Re: [hlds] fast dl abuse
>
> A quick google search returned this from a forum from 3 years ago, that
> seemed to work well enough for me:
>
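> RewriteEngine On
> # [OR]: forbid when EITHER the referer or the user agent fails to match
> # (without it the conditions are ANDed and a matching user agent alone passes)
> RewriteCond %{HTTP_REFERER} !^hl2://0.0.0.0: [OR]
> RewriteCond %{HTTP_USER_AGENT} !^Half-Life\ 2$
> RewriteRule ^(.*)$ $1 [F]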
>
> I changed the 0.0.0.0 to (x.x.x.x|y.y.y.y) in the .htaccess file. While
> my client was able to successfully download the map, using a web browser
> I was forbidden to view the directory.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Donnie Newlove
> Sent: Friday, October 17, 2008 2:05 PM
> To: Half-Life dedicated Win32 server mailing list
> Subject: Re: [hlds] fast dl abuse
>
> I stand corrected, the most elegant way would of course be to only
> allow downloads from hosts that are already connected or connecting to
> the game server.
>
> On Sat, Oct 18, 2008 at 1:28 AM, Karl Weckstrom <[EMAIL PROTECTED]> wrote:
> > You HAVE to restrict access via IP on the webserver itself. Sadly
> > there's no other way.
> >
> > Turning off directory browsing is useless, as they'll find out the
> > path anyway. Valve opted to use Internet Explorer as their internal game
> > browser, which leverages WININET.DLL.
> >
> > http://support.microsoft.com/kb/884931
> >
> > As you can see from the above URL, you can download a debug version of
> > wininet.dll to troubleshoot IE issues. This will reveal absolutely all
> > details about the transfer, including all paths. It's pointless to try
> > and obscure your map download url, it simply needs to be restricted by
> > IP on the webserver.
> >
> >
> > ________________________________________
> > From: [EMAIL PROTECTED]
> [EMAIL PROTECTED] On Behalf Of Cc2iscooL
> [EMAIL PROTECTED]
> > Sent: Friday, October 17, 2008 7:04 PM
> > To: Half-Life dedicated Win32 server mailing list
> > Subject: Re: [hlds] fast dl abuse
> >
> > Unfortunately this also shows in the "sv_downloadurl," but yes, that
> > would limit it quite a bit.
> >
> > Steve wrote:
> >> The first thing I would do (which I have already done) is disable
> >> directory browsing on all those folders.. no reason to let the search
> >> engines crawl through all your files so they can be indexed up on
> >> google.
> >>
> >>
> >>
> >>> Hi Listy,
> >>>
> >>> I think my fast dl webspace is being leeched.
> >>>
> >>> I can find thousands of tf/maps directories to browse and potentially
> >>> hook into and use the url in my server.cfg
> >>>
> >>> Is there any way of preventing any connections to my fast dl server
> >>> other than my own game server (via IP:port)
> >>>
> >>> Love to all
> >>>
> >>> Pat xxx
> >>> _______________________________________________
> >>> To unsubscribe, edit your list preferences, or view the list
> archives,
> >>> please visit:
> >>> http://list.valvesoftware.com/mailman/listinfo/hlds
> >>>
> >>>
>
You can't do that.
If you redirect the clients to somebody else's server for downloading the
files, the client (IE) will tell the correct referer.
If you serve the contents like a proxy you can fake the referer, but you
will use the exact same bandwidth consumption as if you run your own download
site, so it's pointless.

Tyrael
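
An added example, not part of any message in this thread: a log audit that totals the bytes served to downloads whose Referer is not one of your own game servers, using the `hl2://ip:port` referer format described above. It assumes Apache's "combined" log format; the server range and the log lines are constructed for illustration, and because the Referer is client-supplied the result is a detection aid rather than an access control.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the operator's own game servers (documentation-range addresses).
OWN_SERVERS = [ip_network("192.0.2.0/28")]

# Apache "combined" log format: only status, size and Referer are captured.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ \S+[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "[^"]*"$'
)
REFERER_RE = re.compile(r"^hl2://(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+")

def classify(referer):
    """Label a Referer as own-server, foreign-server or no-game-referer."""
    m = REFERER_RE.match(referer)
    if not m:
        return "no-game-referer"
    try:
        addr = ip_address(m.group("ip"))
    except ValueError:  # e.g. an octet above 255
        return "no-game-referer"
    if any(addr in net for net in OWN_SERVERS):
        return "own-server"
    return "foreign-server"

def audit(lines):
    """Bytes served per Referer for successful downloads not tied to our servers."""
    leeched = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") not in ("200", "206"):
            continue  # unparsable line, or the request was already refused
        if classify(m.group("referer")) != "own-server":
            size = m.group("bytes")
            leeched[m.group("referer") or "-"] += 0 if size == "-" else int(size)
    return dict(leeched)

# Constructed sample log lines (not real traffic).
_T = '[18/Oct/2008:09:00:00 -0700] "GET /tf/maps/cp_example.bsp.bz2 HTTP/1.1"'
SAMPLE_LOG = [
    f'203.0.113.7 - - {_T} 200 1048576 "hl2://192.0.2.5:27015" "Half-Life 2"',
    f'198.51.100.9 - - {_T} 200 1048576 "hl2://198.51.100.20:27015" "Half-Life 2"',
    f'198.51.100.10 - - {_T} 200 1048576 "hl2://198.51.100.20:27015" "Half-Life 2"',
    f'203.0.113.50 - - {_T} 403 199 "-" "Mozilla/5.0"',
    f'203.0.113.51 - - {_T} 200 1048576 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for referer, total in sorted(audit(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{total:>10} bytes  {classify(referer):<16} {referer}")
```
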