Re: [hlds] VALVe hide our sv_downloadurl paths!
Mikee, Thanks again for your response, and I gave that a go. HL1 stubbornly refuses to allow my fast map downloads to work if I use .htaccess in any of those forms. *Scratches head* Thanks Mick - Original Message - From: Mikee [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Thursday, June 09, 2005 10:14 PM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Mick, I'm guessing here, but since you have both hl1 hl2 on the same IP, with hl2 in the later positionit may be cancelling the previous line??? Just to rule that out, since Alfred said that hl1 worked.remove the third (hl2) line you have so there is only the hl1 line with that IP and see what happens. Again, I'm just guessing. - Original Message - From: Mick [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Thursday, June 09, 2005 10:10 AM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! The HL2 works fine no problems, player can get fast downloads, but it blocks my HL1 players from doing so. SetEnvIfNoCase Referer ^hl2://212\.58\.145\.132 allow_download SetEnvIfNoCase Referer ^hl1://81\.110\.202\.133 allow_download SetEnvIfNoCase Referer ^hl2://81\.110\.202\.133 allow_download Order Deny,Allow Allow from env=allow_download Deny from all ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mick Sent: 9. juni 2005 16:11 To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Thanks for the info Alfred, unfortunately I still can't seem to get this working for both my HL2 and HL1 server, The HL2 works fine no problems, player can get fast downloads, but it blocks my HL1 players from doing so. Here's the contents of my .htaccess file. Can you see if I've got something wrong in there, please. SetEnvIfNoCase Referer ^hl2://212\.58\.145\.132 allow_download SetEnvIfNoCase Referer ^hl1://81\.110\.202\.133 allow_download SetEnvIfNoCase Referer ^hl2://81\.110\.202\.133 allow_download Order Deny,Allow Allow from env=allow_download Deny from all I have one remote HL2 server (the top one) and another local HL1 and HL2 server (the bottom two) Any help appreciated, Regards Mick - Original Message - From: Alfred Reynolds [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Thursday, June 09, 2005 3:52 AM Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! The HL1 engine uses: hl1://server ip For the referer syntax. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] For those of us running IIS: ISAPI_Rewrite Lite from http://www.isapirewrite.com/ To block all requests not from our game-server, based on the referer tag, the httpd.ini contains: [ISAPI_Rewrite] # Allow HL2 server only - block all others # note: game server ip address must have a \ preceding each dot RewriteCond Referer: (?!hl2:game server ip address).* [I,O] RewriteRule (.*) . [F,I,O] There is good technical support at: http://www.helicontech.com/forum/display_forum_topics~ForumID~2.asp Also, as we are running IIS 4.0 on NT4 we initially got an access violation exception, which required a hotfix: http://support.microsoft.com/default.aspx?scid=kb;en-us;873401 As previously noted, anyone can spoof the referer so it wont stop all leeching, but should stop others from using your sv_downloadurl, for now... Hope this helps anyone too embarrased to admit to using IIS. Yeti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alfred Reynolds Sent: Monday, June 06, 2005 2:42 PM To: hlds@list.valvesoftware.com Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred Original Message From: Alfred Reynolds Sent: Monday, June 06, 2005 5:37 PM To: 'hlds@list.valvesoftware.com' Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! We will look at adding an X-header to the request. - Alfred -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
This is a multi-part message in MIME format. -- Thanks Yeti that's just what I needed! I'm not ashamed to be running IIS (I need to due to work requirements - aka Exchange 2003). Thanks again :) Rick Payton, IT Support Morikawa Associates (808) 572-1745 http://www.mai-hawaii.com/ From: [EMAIL PROTECTED] on behalf of Yeti Sent: Thu 6/9/2005 6:05 AM To: hlds@list.valvesoftware.com Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] For those of us running IIS: ISAPI_Rewrite Lite from http://www.isapirewrite.com/ To block all requests not from our game-server, based on the referer tag, the httpd.ini contains: [ISAPI_Rewrite] # Allow HL2 server only - block all others # note: game server ip address must have a \ preceding each dot RewriteCond Referer: (?!hl2:game server ip address).* [I,O] RewriteRule (.*) . [F,I,O] There is good technical support at: http://www.helicontech.com/forum/display_forum_topics~ForumID~2.asp Also, as we are running IIS 4.0 on NT4 we initially got an access violation exception, which required a hotfix: http://support.microsoft.com/default.aspx?scid=kb;en-us;873401 As previously noted, anyone can spoof the referer so it wont stop all leeching, but should stop others from using your sv_downloadurl, for now... Hope this helps anyone too embarrased to admit to using IIS. Yeti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alfred Reynolds Sent: Monday, June 06, 2005 2:42 PM To: hlds@list.valvesoftware.com Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred Original Message From: Alfred Reynolds Sent: Monday, June 06, 2005 5:37 PM To: 'hlds@list.valvesoftware.com' Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! We will look at adding an X-header to the request. - Alfred -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- [ winmail.dat of type application/ms-tnef deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Hi this works great for my HL2 server, but I use the same webserver folder for storing the fast download maps for my HL1 server too. Can anyone tell me what I need to add to the .htaccess file to allow both my HL2 server and HL1 server players to fast download the maps? Thanks Mick - Original Message - From: Subdude2k [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Tuesday, June 07, 2005 1:28 PM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! The Referer works fine and has been doing so for a while now. I'm using .htaccess files on my Apache web server to only allow access to the hosted maps and files from our own CS Server. Here's the contents of my .htaccess file -- SetEnvIfNoCase Referer ^hl2://195\.20\.108\.36 allow_download Order Deny,Allow Allow from env=allow_download Deny from all -- HTH Subdude2k ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
valve already added referer support... On 6/7/05, Spencer 'voogru' MacDonald [EMAIL PROTECTED] wrote: The best way to make sure other servers do not steal your bandwidth with sv_downloadurl is to only allow people to download files that recently connected to the server. (Say, with 20 minutes or so). A plug-in could be made to do this, when a client connects, put their IP address in a database, and when the client connects to the sv_downloadurl website, it checks if the IP address is in the database and if it is, allows them to download the resources. Not using the sv_downloadurl because some clown is trying to steal your bandwidth is not an alternative. Another way that it could be done, is for valve to set the http referrer to the IP address of the server, and have a script make sure the referrer is the server or is on a list of servers. But that requires valve to do it, so I think the plug-in idea might be a better solution. -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
*ahem* On 6/6/05, Alfred Reynolds [EMAIL PROTECTED] wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
I tried Simon's guide and put this in an .htaccess file in the /hlds_downloads/ folder on my website (that contains the /maps/ folder for download), but it did not work when I joined the server, I still got the same player missing map, disconnected me. SetEnfIf Referer ^hl2://67\.18\.241\.75 MY_SERVER=1 Order Allow,Deny Allow from env=MY_SERVER Deny from all If I remove the .htaccess file, I can download the missing map and join the server. My server is at 67.18.241.75 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
valve still has to actually release the client with this referer support in it, don't think they've done that yet. So until they do it's kind of hard to react to something that isn't there yet. On 6/7/05, Mikee [EMAIL PROTECTED] wrote: I tried Simon's guide and put this in an .htaccess file in the /hlds_downloads/ folder on my website (that contains the /maps/ folder for download), but it did not work when I joined the server, I still got the same player missing map, disconnected me. SetEnfIf Referer ^hl2://67\.18\.241\.75 MY_SERVER=1 Order Allow,Deny Allow from env=MY_SERVER Deny from all If I remove the .htaccess file, I can download the missing map and join the server. My server is at 67.18.241.75 -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
It looks like he made a typo, try replacing SetEnfIf with SetEnvIf. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikee Sent: Tuesday, June 07, 2005 3:47 AM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! I tried Simon's guide and put this in an .htaccess file in the /hlds_downloads/ folder on my website (that contains the /maps/ folder for download), but it did not work when I joined the server, I still got the same player missing map, disconnected me. SetEnfIf Referer ^hl2://67\.18\.241\.75 MY_SERVER=1 Order Allow,Deny Allow from env=MY_SERVER Deny from all If I remove the .htaccess file, I can download the missing map and join the server. My server is at 67.18.241.75 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
It still is not working even with that typo corrected SetEnvIf Referer ^hl2://67\.18\.241\.75 MY_SERVER=1 Order Allow,Deny Allow from env=MY_SERVER Deny from all If anyone can get this to work in the .htaccess file, that would be great. Also, assuming it will work at some point, how would I add several server IP's to all work with this folder? - Original Message - From: Brandon Hardy [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Tuesday, June 07, 2005 5:05 AM Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! It looks like he made a typo, try replacing SetEnfIf with SetEnvIf. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikee Sent: Tuesday, June 07, 2005 3:47 AM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! I tried Simon's guide and put this in an .htaccess file in the /hlds_downloads/ folder on my website (that contains the /maps/ folder for download), but it did not work when I joined the server, I still got the same player missing map, disconnected me. SetEnfIf Referer ^hl2://67\.18\.241\.75 MY_SERVER=1 Order Allow,Deny Allow from env=MY_SERVER Deny from all If I remove the .htaccess file, I can download the missing map and join the server. My server is at 67.18.241.75 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
of course not, you don't have a client yet that sends the referer. On 6/7/05, Mikee [EMAIL PROTECTED] wrote: It still is not working even with that typo corrected -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
Alfred wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clayton Macleod Sent: 7. juni 2005 11:54 To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! of course not, you don't have a client yet that sends the referer. On 6/7/05, Mikee [EMAIL PROTECTED] wrote: It still is not working even with that typo corrected -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
heh, yeah, and 5 minutes before that he said We will look at adding an X-header to the request. In other words, it wasn't done yet, so he went and got it done. And came back very quickly to say it was done. That doesn't mean we got the client that does that yet, now does it? Nope. But I'm sure it means that the next update that's released will contain this. On 6/7/05, Alexander Kobbevik [EMAIL PROTECTED] wrote: Alfred wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
Already means that it was done before, but I guess he didn't know. That's why he came back after finding out and told us. He also wrote Each request from Source clients to your web server _contains_ the following line. Which doesn't mean going to contain. That's my guess atleast :) PS! Can't someone who use this cvar go into the webserver and just see if it's there in the logs? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clayton Macleod Sent: 7. juni 2005 12:23 To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! heh, yeah, and 5 minutes before that he said We will look at adding an X-header to the request. In other words, it wasn't done yet, so he went and got it done. And came back very quickly to say it was done. That doesn't mean we got the client that does that yet, now does it? Nope. But I'm sure it means that the next update that's released will contain this. On 6/7/05, Alexander Kobbevik [EMAIL PROTECTED] wrote: Alfred wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
This is a multi-part message in MIME format. -- so anyone on the IIS side of things configure this correctly yet? Seems I can't figure it out. /me cries Rick Payton, IT Support Morikawa Associates (808) 572-1745 http://www.mai-hawaii.com/ From: [EMAIL PROTECTED] on behalf of Subdude2k Sent: Tue 6/7/2005 2:28 AM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! The Referer works fine and has been doing so for a while now. I'm using .htaccess files on my Apache web server to only allow access to the hosted maps and files from our own CS Server. Here's the contents of my .htaccess file -- SetEnvIfNoCase Referer ^hl2://195\.20\.108\.36 allow_download Order Deny,Allow Allow from env=allow_download Deny from all -- HTH Subdude2k ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- [ winmail.dat of type application/ms-tnef deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
I know of archive software that lets you put in refers. Let alone, you can find a path with 'netstat' or your router. --- Rick Payton [EMAIL PROTECTED] wrote: This is a multi-part message in MIME format. -- so anyone on the IIS side of things configure this correctly yet? Seems I can't figure it out. /me cries Rick Payton, IT Support Morikawa Associates (808) 572-1745 http://www.mai-hawaii.com/ From: [EMAIL PROTECTED] on behalf of Subdude2k Sent: Tue 6/7/2005 2:28 AM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! The Referer works fine and has been doing so for a while now. I'm using .htaccess files on my Apache web server to only allow access to the hosted maps and files from our own CS Server. Here's the contents of my .htaccess file -- SetEnvIfNoCase Referer ^hl2://195\.20\.108\.36 allow_download Order Deny,Allow Allow from env=allow_download Deny from all -- HTH Subdude2k ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- [ winmail.dat of type application/ms-tnef deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
Have a look at http://www.isapirewrite.com/ It comes in commercial and lite (free) versions. I haven't used this (I've never even used IIS!) but remember this while browsing. As far as I can see its an ISAPI implementation of mod_rewrite for apache with perhaps more features. Regards, Ryan Lewis [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Payton Sent: 07 June 2005 18:06 To: hlds@list.valvesoftware.com Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! This is a multi-part message in MIME format. -- so anyone on the IIS side of things configure this correctly yet? Seems I can't figure it out. /me cries Rick Payton, IT Support Morikawa Associates (808) 572-1745 http://www.mai-hawaii.com/ From: [EMAIL PROTECTED] on behalf of Subdude2k Sent: Tue 6/7/2005 2:28 AM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! The Referer works fine and has been doing so for a while now. I'm using .htaccess files on my Apache web server to only allow access to the hosted maps and files from our own CS Server. Here's the contents of my .htaccess file -- SetEnvIfNoCase Referer ^hl2://195\.20\.108\.36 allow_download Order Deny,Allow Allow from env=allow_download Deny from all -- HTH Subdude2k ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- [ winmail.dat of type application/ms-tnef deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.6.4 - Release Date: 06/06/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.6.4 - Release Date: 06/06/2005 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Subdude2k, your answer finally does work. I really appreciate your posting this, as the SetEnvIf Referrer that Simon said would not work in the .htaccess file. IMHO, every server admin should do this who is using a web based downloadurl that has bandwidth limits. One last answer that I confirmed works if you have multiple servers, you can define each IP on its own line. This is now my .htaccess file: SetEnvIfNoCase Referer ^hl2://64\.156\.56\.122 allow_download SetEnvIfNoCase Referer ^hl2://67\.18\.241\.74 allow_download SetEnvIfNoCase Referer ^hl2://67\.18\.241\.75 allow_download Order Deny,Allow Allow from env=allow_download Deny from all - Original Message - From: Subdude2k [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Tuesday, June 07, 2005 8:28 AM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! The Referer works fine and has been doing so for a while now. I'm using .htaccess files on my Apache web server to only allow access to the hosted maps and files from our own CS Server. Here's the contents of my .htaccess file -- SetEnvIfNoCase Referer ^hl2://195\.20\.108\.36 allow_download Order Deny,Allow Allow from env=allow_download Deny from all -- HTH Subdude2k ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
nice, I stand corrected. On 6/7/05, Alexander Kobbevik [EMAIL PROTECTED] wrote: Already means that it was done before, but I guess he didn't know. That's why he came back after finding out and told us. He also wrote Each request from Source clients to your web server _contains_ the following line. Which doesn't mean going to contain. That's my guess atleast :) PS! Can't someone who use this cvar go into the webserver and just see if it's there in the logs? -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Mikee wrote: Subdude2k, your answer finally does work. I really appreciate your posting this, as the SetEnvIf Referrer that Simon said would not work in the .htaccess file. IMHO, every server admin should do this who is using a web based downloadurl that has bandwidth limits. One last answer that I confirmed works if you have multiple servers, you can define each IP on its own line. This is now my .htaccess file: SetEnvIfNoCase Referer ^hl2://64\.156\.56\.122 allow_download SetEnvIfNoCase Referer ^hl2://67\.18\.241\.74 allow_download SetEnvIfNoCase Referer ^hl2://67\.18\.241\.75 allow_download Order Deny,Allow Allow from env=allow_download Deny from all Glad I could help. :) Subdude2k ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? It is amazing what can be done with that file, so I don't doubt you. Posting how to customize it for a given folder and server IP would be handy...I'm just wondering if a player doesn't need to have their own player IP to access it however...which would open it back up to everyone. - Original Message - From: Dagok [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 5:52 PM Subject: [hlds] VALVe hide our sv_downloadurl paths! This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] This was posted on the Source DS (Windows) team forums. POsting it here in hopes that it will get directly to Valve. ok a little problem is people being able to just type sv_downloadurl in console and steal our links and use it on there server stealing our bandwith. I think valve should hide this when someone types it Yes there are ways for people to setup htaccess etc so only they can use the folder. But it sure would be nice if typing sv_downloadurl in the console would return ** like sv_password and rcon_password do. Can you please pass this along Alfred? thanks, Dagok -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
I just tried what should have worked. I put this .htaccess in the folder on the webserver that has my maps. \root-level\hlds_downloads\.htaccess \root-level\hlds_downloads\maps According to this site, they give an exact example of this: http://kirupa.com/web/htaccess.htm So I put in my server IP's as shown below. order allow,deny allow from 67.18.241.74 allow from 67.18.241.75 deny from all I then deleted a large map from my client player account, joined the server, changed to the map to the one I just deleted from my own player maps folder, and got an error that I did not have the map for this server, and it would not download it from the website after I put in this .htaccess file, and kicked me back to list of servers. The only other thing I can think of to protect our own bandwidth is keep changing the web download url folder name on the web server and in the server.cfg. This is a big problem, as most websites have limits on monthly bandwidth transfers. - Original Message - From: Mikee [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 7:29 PM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? It is amazing what can be done with that file, so I don't doubt you. Posting how to customize it for a given folder and server IP would be handy...I'm just wondering if a player doesn't need to have their own player IP to access it however...which would open it back up to everyone. - Original Message - From: Dagok [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 5:52 PM Subject: [hlds] VALVe hide our sv_downloadurl paths! This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] This was posted on the Source DS (Windows) team forums. POsting it here in hopes that it will get directly to Valve. ok a little problem is people being able to just type sv_downloadurl in console and steal our links and use it on there server stealing our bandwith. I think valve should hide this when someone types it Yes there are ways for people to setup htaccess etc so only they can use the folder. But it sure would be nice if typing sv_downloadurl in the console would return ** like sv_password and rcon_password do. Can you please pass this along Alfred? thanks, Dagok -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
No matter what you do the client needs to know this URL to download from it. If you are concerned about extra charges then don't use this feature (it is entirely optional). - Alfred Original Message From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikee Sent: Monday, June 06, 2005 5:10 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! I just tried what should have worked. I put this .htaccess in the folder on the webserver that has my maps. \root-level\hlds_downloads\.htaccess \root-level\hlds_downloads\maps According to this site, they give an exact example of this: http://kirupa.com/web/htaccess.htm So I put in my server IP's as shown below. order allow,deny allow from 67.18.241.74 allow from 67.18.241.75 deny from all I then deleted a large map from my client player account, joined the server, changed to the map to the one I just deleted from my own player maps folder, and got an error that I did not have the map for this server, and it would not download it from the website after I put in this .htaccess file, and kicked me back to list of servers. The only other thing I can think of to protect our own bandwidth is keep changing the web download url folder name on the web server and in the server.cfg. This is a big problem, as most websites have limits on monthly bandwidth transfers. - Original Message - From: Mikee [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 7:29 PM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? It is amazing what can be done with that file, so I don't doubt you. Posting how to customize it for a given folder and server IP would be handy...I'm just wondering if a player doesn't need to have their own player IP to access it however...which would open it back up to everyone. - Original Message - From: Dagok [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 5:52 PM Subject: [hlds] VALVe hide our sv_downloadurl paths! This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] This was posted on the Source DS (Windows) team forums. POsting it here in hopes that it will get directly to Valve. ok a little problem is people being able to just type sv_downloadurl in console and steal our links and use it on there server stealing our bandwith. I think valve should hide this when someone types it Yes there are ways for people to setup htaccess etc so only they can use the folder. But it sure would be nice if typing sv_downloadurl in the console would return ** like sv_password and rcon_password do. Can you please pass this along Alfred? thanks, Dagok -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
I may be wrong but, I believe that the HL/HL2 sends a header with the server's IP address in it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikee Sent: Monday, June 06, 2005 6:29 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? It is amazing what can be done with that file, so I don't doubt you. Posting how to customize it for a given folder and server IP would be handy...I'm just wondering if a player doesn't need to have their own player IP to access it however...which would open it back up to everyone. - Original Message - From: Dagok [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 5:52 PM Subject: [hlds] VALVe hide our sv_downloadurl paths! This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] This was posted on the Source DS (Windows) team forums. POsting it here in hopes that it will get directly to Valve. ok a little problem is people being able to just type sv_downloadurl in console and steal our links and use it on there server stealing our bandwith. I think valve should hide this when someone types it Yes there are ways for people to setup htaccess etc so only they can use the folder. But it sure would be nice if typing sv_downloadurl in the console would return ** like sv_password and rcon_password do. Can you please pass this along Alfred? thanks, Dagok -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
What you did with your .htaccess file is deny anyone from downloading except your game servers. So if your game server decided to use the sv_downloadurl to download a map for a strange reason (maybe it does not have it already?) it would be able to. One way to protect it is if you have a php script for the downloads and have a key that you change frequently, maybe once a day. Mikee wrote: I just tried what should have worked. I put this .htaccess in the folder on the webserver that has my maps. \root-level\hlds_downloads\.htaccess \root-level\hlds_downloads\maps According to this site, they give an exact example of this: http://kirupa.com/web/htaccess.htm So I put in my server IP's as shown below. order allow,deny allow from 67.18.241.74 allow from 67.18.241.75 deny from all I then deleted a large map from my client player account, joined the server, changed to the map to the one I just deleted from my own player maps folder, and got an error that I did not have the map for this server, and it would not download it from the website after I put in this .htaccess file, and kicked me back to list of servers. The only other thing I can think of to protect our own bandwidth is keep changing the web download url folder name on the web server and in the server.cfg. This is a big problem, as most websites have limits on monthly bandwidth transfers. - Original Message - From: Mikee [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 7:29 PM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? It is amazing what can be done with that file, so I don't doubt you. Posting how to customize it for a given folder and server IP would be handy...I'm just wondering if a player doesn't need to have their own player IP to access it however...which would open it back up to everyone. - Original Message - From: Dagok [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 5:52 PM Subject: [hlds] VALVe hide our sv_downloadurl paths! This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] This was posted on the Source DS (Windows) team forums. POsting it here in hopes that it will get directly to Valve. ok a little problem is people being able to just type sv_downloadurl in console and steal our links and use it on there server stealing our bandwith. I think valve should hide this when someone types it Yes there are ways for people to setup htaccess etc so only they can use the folder. But it sure would be nice if typing sv_downloadurl in the console would return ** like sv_password and rcon_password do. Can you please pass this along Alfred? thanks, Dagok -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Mikee wrote: How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? If you restrict it to the server ip then the feature won't work. The client downloads the files, not the server. And since you have no idea what the client IP's will be, well you get the idea. They need to either make the cvar protected like rcon, or add a referrer to the request so the web server can filter. This has been requested many times. -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
We will look at adding an X-header to the request. - Alfred Original Message From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of m0gely Sent: Monday, June 06, 2005 5:26 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Mikee wrote: How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? If you restrict it to the server ip then the feature won't work. The client downloads the files, not the server. And since you have no idea what the client IP's will be, well you get the idea. They need to either make the cvar protected like rcon, or add a referrer to the request so the web server can filter. This has been requested many times. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred Original Message From: Alfred Reynolds Sent: Monday, June 06, 2005 5:37 PM To: 'hlds@list.valvesoftware.com' Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! We will look at adding an X-header to the request. - Alfred Original Message From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of m0gely Sent: Monday, June 06, 2005 5:26 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Mikee wrote: How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? If you restrict it to the server ip then the feature won't work. The client downloads the files, not the server. And since you have no idea what the client IP's will be, well you get the idea. They need to either make the cvar protected like rcon, or add a referrer to the request so the web server can filter. This has been requested many times. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
On 7/06/2005 12:41 p.m., Alfred Reynolds wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred No special modules needed - the following apache config should do the trick (note I haven't tested this): Directory /path/to/your/maps/dir SetEnfIf Referer ^hl2://1\.2\.3\.4 MY_SERVER=1 Order Allow,Deny Allow from env=MY_SERVER Deny from all /Directory Where 1\.2\.3\.4 is the IP of your server with \ in front of each dot. Note this is not totally secure since anyone can spoof the Referer header but it will stop others from using your sv_downloadurl for their clients. -Simon ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
I'm quite sure you can handle referer stuff. On 6/6/05, Rick Payton [EMAIL PROTECTED] wrote: Sweet! Too bad I run IIS :P -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] VALVe hide our sv_downloadurl paths!
Oh .. duh .. *brainfart* :P The hl2:// part threw me off :/ Rick Payton, IT Support Morikawa Associates (808) 572-1745 http://www.mai-hawaii.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clayton Macleod Sent: Monday, June 06, 2005 3:12 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! I'm quite sure you can handle referer stuff. On 6/6/05, Rick Payton [EMAIL PROTECTED] wrote: Sweet! Too bad I run IIS :P -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
I think the initial request has gotten lost in the thread. When people are in-game they can type sv_downloadurl and it shows them the download URL which they can then copy and add to their own server.cfg Yes there are ways of blocking others from downloading from that URL , but it would be nice if sv_downloadurl showed ** instead of the URL to the public. Dagok - Original Message - From: Alfred Reynolds [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 5:41 PM Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred Original Message From: Alfred Reynolds Sent: Monday, June 06, 2005 5:37 PM To: 'hlds@list.valvesoftware.com' Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! We will look at adding an X-header to the request. - Alfred Original Message From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of m0gely Sent: Monday, June 06, 2005 5:26 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Mikee wrote: How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? If you restrict it to the server ip then the feature won't work. The client downloads the files, not the server. And since you have no idea what the client IP's will be, well you get the idea. They need to either make the cvar protected like rcon, or add a referrer to the request so the web server can filter. This has been requested many times. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
that's still not going to stop anything, it's a simple matter to see what computers your computer makes connections with. Using a referer seems to be the best way to go, and allow/disallow that way. On 6/6/05, Dagok [EMAIL PROTECTED] wrote: I think the initial request has gotten lost in the thread. When people are in-game they can type sv_downloadurl and it shows them the download URL which they can then copy and add to their own server.cfg Yes there are ways of blocking others from downloading from that URL , but it would be nice if sv_downloadurl showed ** instead of the URL to the public. -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Is this really what is happening? People running servers going to other servers and basically pirating the sv_downloarurl for their own server? Sheesh...how low can some people sink? I always wondered why, when I changed my sv_downloadurl, I would keep logging all these requests to the old url. So, with this nifty change that Alfred described, now I can get the IP address of the server(s) that is helping itself to my download files? snip When people are in-game they can type sv_downloadurl and it shows them the download URL which they can then copy and add to their own server.cfg Yes there are ways of blocking others from downloading from that URL , but it would be nice if sv_downloadurl showed ** instead of the URL to the public. Dagok ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
So does this mean it is already Done or do we need to wait for the next update - Original Message - From: Alfred Reynolds [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 8:41 PM Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred Original Message From: Alfred Reynolds Sent: Monday, June 06, 2005 5:37 PM To: 'hlds@list.valvesoftware.com' Subject: RE: [hlds] VALVe hide our sv_downloadurl paths! We will look at adding an X-header to the request. - Alfred Original Message From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of m0gely Sent: Monday, June 06, 2005 5:26 PM To: hlds@list.valvesoftware.com Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Mikee wrote: How would you use the .htaccess to only allow folder access from a given server IP, since it is basically a web url based access? If you restrict it to the server ip then the feature won't work. The client downloads the files, not the server. And since you have no idea what the client IP's will be, well you get the idea. They need to either make the cvar protected like rcon, or add a referrer to the request so the web server can filter. This has been requested many times. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Yes it Really Happens Munra - Original Message - From: Ook [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Monday, June 06, 2005 10:58 PM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Is this really what is happening? People running servers going to other servers and basically pirating the sv_downloarurl for their own server? Sheesh...how low can some people sink? I always wondered why, when I changed my sv_downloadurl, I would keep logging all these requests to the old url. So, with this nifty change that Alfred described, now I can get the IP address of the server(s) that is helping itself to my download files? snip When people are in-game they can type sv_downloadurl and it shows them the download URL which they can then copy and add to their own server.cfg Yes there are ways of blocking others from downloading from that URL , but it would be nice if sv_downloadurl showed ** instead of the URL to the public. Dagok ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Alfred Reynolds wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. While I applaud this response and it finally being done, I would suggest making the cvar protected as well. Many people probably use a web host that they have only FTP access to, or sometimes cpanel. They will not have access to make modifications to apache itself. I think both ideas are useful and worth it. Please make this a protected cvar. -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Alfred Reynolds wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. - Alfred We will look at adding an X-header to the request. - Alfred Thought the people on teh l00nix side of the fence may like to see this. -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
m0gely wrote: While I applaud this response and it finally being done, I would suggest making the cvar protected as well. Many people probably use a web host that they have only FTP access to, or sometimes cpanel. They will not have access to make modifications to apache itself. I think both ideas are useful and worth it. Please make this a protected cvar. The feature has actually been there quite a while (at least months, according to logs). Hiding the cvar is not useful. If someone really wants to steal your bandwidth, they can use some external tool to see where the requests are going, so while it may stop the average player it won't stop anyone who actually wants to do this. Security through obscurity isn't usually a Good Idea. I would say people with only FTP access should be allowed to use .htaccess, if they can't well, they're SOL, sorry. cheers, -- Richard ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
You can still run a packet sniffer and see where its getting the files, if someones that determined. - Original Message - From: m0gely [EMAIL PROTECTED] To: hlds@list.valvesoftware.com Sent: Tuesday, June 07, 2005 12:21 PM Subject: Re: [hlds] VALVe hide our sv_downloadurl paths! Alfred Reynolds wrote: And bam, already done. Each request from Source clients to your web server contains the following line: Referer: hl2://server ip You should be able to use some kind of apache plugin to act upon this information. While I applaud this response and it finally being done, I would suggest making the cvar protected as well. Many people probably use a web host that they have only FTP access to, or sometimes cpanel. They will not have access to make modifications to apache itself. I think both ideas are useful and worth it. Please make this a protected cvar. -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] VALVe hide our sv_downloadurl paths!
Richard Nelson wrote: Hiding the cvar is not useful. If someone really wants to steal your bandwidth, they can use some external tool to see where the requests are going, so while it may stop the average player it won't stop anyone who actually wants to do this. No, but it will stop *a lot* of other people. Security through obscurity isn't usually a Good Idea. As with any layer of security, 'one' alone isn't a good idea. But this is only one, and it's not bad idea at all. I would say people with only FTP access should be allowed to use .htaccess The last several posts tried to explain why .htaccess has nothing to offer in this subject. Protecting the server from itself doesn't help anyone. -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
