htaccess & httpd help

[ababneh]

Hi all,

I hope someone wlll be able to help me out here. I've been researching this topic for a week now and I still couldn't figure it out.

I have a video streaming site where vids are stored on a different server (dedicated).

I found out there are many sites starting to link to my video files on the dedicated server (hotlinking) and basically steal my bandwidth.

What I am trying to do is to block all sites (ips) from accessing those files except for my streaming site.

Since I am not a web guru I been reading on this and my trials have been to place a htaccess file inside the "videos" folder with this code:
Order Deny,Allow
Deny from all
Allow from mystreamingvids(dot)com
However this blocked ALL sites including the streaming site
So I read on and It said I had to add "AllowOverride All" syntax to the httpd config file. but didn't work.

I am not sure if I I am on the right track or way off! Please point out to me how I can achieve this

If needed My Httpd.conf can be found here pastebin(dot)com/CU54WKsc
Sorry for the long message
thank you very much for assistance

[Kloschüssel]

the idea is not bad. generally you swapped the arguments for the Order directive. The second (Allow) is the default behaviour. so you should write it like this:

Code:

Order Allow,Deny
Allow from mystreamingvids.com
Deny from any.subdomain.mystreamingvids.com

[ababneh]

try this one and let us know if it works:

I tried this and it blocked all sites including mine

the idea is not bad. generally you swapped the arguments for the Order directive. The second (Allow) is the default behaviour. so you should write it like this:

also tried this and it blocked all sites as well including my site.

I think the httpd.conf has to be changed, but not sure which part, here is a look inside the httpd.conf

Code:

ServerAdmin admin@localhost
DocumentRoot "/var/www/html"

<Directory /home/*>
    AllowOverride All
    Options -MultiViews -Indexes FollowSymlinks IncludesNoExec +Includes
<Limit GET POST OPTIONS PROPFIND>
    Order allow,deny
    Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
    mit GET POST OPTIONS PROPFIND>Order deny,allow
    Deny from all
</LimitExcept>
</Directory>

<Directory />
    Options All
    AllowOverride All
</Directory>

<Directory "/var/www/html">
    Options -Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
   <IfModule mod_suphp.c>
        suPHP_Engine On
        suPHP_UserGroup webapps webapps
        SetEnv PHP_INI_SCAN_DIR
   </IfModule>
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html index.htm index.shtml index.php index.php5 index.php4 index.php3 index.phtml index.cgi
</IfModule>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog /var/log/httpd/error_log
LogLevel warn

<IfModule log_config_module>
    #replace %b with %O for more accurate logging
    <IfModule mod_logio.c>
      LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
      LogFormat "%h %l %u %t \"%r\" %>s %O" common
      LogFormat "%O %I" bytes

      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog /var/log/httpd/access_log common
</IfModule>

<IfModule alias_module>
    # Include some DirectAdmin alias
    Include conf/extra/httpd-alias.conf
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-gzip .tgz
    AddEncoding x-compress .Z
    AddEncoding x-gzip .gz .tgz
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
   AddHandler cgi-script .cgi
    AddHandler type-map var
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
        AddType video/x-ms-asf .avi
        AddType video/mpeg .mpg
        AddType video/mpeg .mpeg
        AddType video/quicktime .mov
        AddType video/x-ms-wmv .wmv
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

[scathefire]

perhaps a quick read from here Apache module mod_access might muddy the water a bit.

I would say try to make you htaccess file read like this:

Code:

Order allow,deny
allow from .mystreamingvids.com

It will process all allows first, and anything matching that will be allowed. The way you wrote it was with Deny from All. And since the order was deny, allow it will run the Deny rules first. Deny from all is a hit and therefore, no access.

The missing dot in front of the domain may help fix this, if there is perhaps a DNS record not properly configured somewhere. I would suggest using the IP address/range you want to allow instead, but YMMV.

[ababneh]

perhaps a quick read from here ] might muddy the water a bit.

I would say try to make you htaccess file read like this:

Code:

Order allow,deny
allow from .mystreamingvids.com

It will process all allows first, and anything matching that will be allowed. The way you wrote it was with Deny from All. And since the order was deny, allow it will run the Deny rules first. Deny from all is a hit and therefore, no access.

The missing dot in front of the domain may help fix this, if there is perhaps a DNS record not properly configured somewhere. I would suggest using the IP address/range you want to allow instead, but YMMV.

thanks for the input however the htaccess code blocked my site as well to access the files (blocked all sites!)
And the apache page I read over many times but unfortunately nothing worked.
Any suggestions?

[Kloschüssel]

i might understood what the problem is. *ehm* you have files which are shown on your webpage, right? thus they may are referenced there directly? hence a user accesses these files without passing by your site, right? so it is not your site that is being blocked, but the user who accesses the files because he tries to access them directly. to get it working you would need a proxy or something else that transparently downloads and redirects the content.

[ababneh]

I don't think users access the files without passing my site since the files are flv videos and users only stream them through the FLV player on my site, so users access files through my player in this format: mysite(dot)com/player.swf?file=path_to_file_on_other_server/vids/file.flv

[Kloschüssel]

tail -f the logfiles to see who requests your files (access.log) in realtime. then open a flv on your website. there should pop up a message like:

GET <ip> ....flv

if you see that the ip differs from your server ip and matches your computers ip, then users access the files directly, which is probably the case because flv is being executed on the client and retrieves data from your server if requested (loaded).

if this theory holds, you will have to buffer/redirect things transparently on your server by mounting it via nfs or using the apache with proxy directives.

[ababneh]

I looked at my DirectAdmin log viewer for apache access log however it doesn't show any flv files that have been accessed, isn't strange? I am able to see the proftpd log and I see all my ftp uploads. So where I can see the log to files accessed through my streaming site? here is a shot of my log on the DA

a.imageshack(dot)us/img713/6002/accesslog.jpg

I also accessed the log via putty and it showed the same

here is a small portion of how the apache access.log look like:
[30/Jul/2010:03:48:32 -0600] "GET /user/soapCaller.bs HTTP/1.1" 404 566
[30/Jul/2010:03:48:32 -0600] "GET /user/soapCaller.bs HTTP/1.1" 404 566
[30/Jul/2010:02:17:10 -0600] "GET /main/e107_files/e107.js HTTP/1.1" 404 571
[30/Jul/2010:02:17:09 -0600] "GET /content/e107_files/e107.js HTTP/1.1" 404 574
[30/Jul/2010:02:17:09 -0600] "GET /portal/e107_files/e107.js HTTP/1.1" 404 573
[30/Jul/2010:02:17:09 -0600] "GET /cms/e107_files/e107.js HTTP/1.1" 404 570
[30/Jul/2010:02:17:08 -0600] "GET /e107/e107_files/e107.js HTTP/1.1" 404 571
[30/Jul/2010:02:17:07 -0600] "GET /e107_files/e107.js HTTP/1.1" 404 566

[ababneh]

any other ideas??