Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
Hi all, I hope someone wlll be able to help me out here. I've been researching this topic for a week now and I still couldn't figure it out. I ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    6

    htaccess & httpd help


    Hi all,

    I hope someone wlll be able to help me out here. I've been researching this topic for a week now and I still couldn't figure it out.

    I have a video streaming site where vids are stored on a different server (dedicated).

    I found out there are many sites starting to link to my video files on the dedicated server (hotlinking) and basically steal my bandwidth.

    What I am trying to do is to block all sites (ips) from accessing those files except for my streaming site.

    Since I am not a web guru I been reading on this and my trials have been to place a htaccess file inside the "videos" folder with this code:
    Order Deny,Allow
    Deny from all
    Allow from mystreamingvids(dot)com
    However this blocked ALL sites including the streaming site
    So I read on and It said I had to add "AllowOverride All" syntax to the httpd config file. but didn't work.

    I am not sure if I I am on the right track or way off! Please point out to me how I can achieve this

    If needed My Httpd.conf can be found here pastebin(dot)com/CU54WKsc
    Sorry for the long message
    thank you very much for assistance

  2. #2
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    the idea is not bad. generally you swapped the arguments for the Order directive. The second (Allow) is the default behaviour. so you should write it like this:

    Code:
    Order Allow,Deny
    Allow from mystreamingvids.com
    Deny from any.subdomain.mystreamingvids.com

  3. #3
    Just Joined!
    Join Date
    Jul 2010
    Posts
    6
    Quote Originally Posted by asmar View Post
    try this one and let us know if it works:
    I tried this and it blocked all sites including mine

    Quote Originally Posted by Kloschüssel View Post
    the idea is not bad. generally you swapped the arguments for the Order directive. The second (Allow) is the default behaviour. so you should write it like this:
    also tried this and it blocked all sites as well including my site.

    I think the httpd.conf has to be changed, but not sure which part, here is a look inside the httpd.conf

    Code:
    ServerAdmin admin@localhost
    DocumentRoot "/var/www/html"
    
    <Directory /home/*>
        AllowOverride All
        Options -MultiViews -Indexes FollowSymlinks IncludesNoExec +Includes
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS PROPFIND>
        mit GET POST OPTIONS PROPFIND>Order deny,allow
        Deny from all
    </LimitExcept>
    </Directory>
    
    <Directory />
        Options All
        AllowOverride All
    </Directory>
    
    <Directory "/var/www/html">
        Options -Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
       <IfModule mod_suphp.c>
            suPHP_Engine On
            suPHP_UserGroup webapps webapps
            SetEnv PHP_INI_SCAN_DIR
       </IfModule>
    </Directory>
    
    <IfModule dir_module>
        DirectoryIndex index.html index.htm index.shtml index.php index.php5 index.php4 index.php3 index.phtml index.cgi
    </IfModule>
    
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>
    
    ErrorLog /var/log/httpd/error_log
    LogLevel warn
    
    <IfModule log_config_module>
        #replace %b with %O for more accurate logging
        <IfModule mod_logio.c>
          LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
          LogFormat "%h %l %u %t \"%r\" %>s %O" common
          LogFormat "%O %I" bytes
    
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
    
        CustomLog /var/log/httpd/access_log common
    </IfModule>
    
    <IfModule alias_module>
        # Include some DirectAdmin alias
        Include conf/extra/httpd-alias.conf
    </IfModule>
    
    <Directory "/var/www/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    
    DefaultType text/plain
    
    <IfModule mime_module>
        TypesConfig conf/mime.types
        AddType application/x-gzip .tgz
        AddEncoding x-compress .Z
        AddEncoding x-gzip .gz .tgz
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
       AddHandler cgi-script .cgi
        AddHandler type-map var
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
            AddType video/x-ms-asf .avi
            AddType video/mpeg .mpg
            AddType video/mpeg .mpeg
            AddType video/quicktime .mov
            AddType video/x-ms-wmv .wmv
    </IfModule>
    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    </IfModule>

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    perhaps a quick read from here Apache module mod_access might muddy the water a bit.

    I would say try to make you htaccess file read like this:
    Code:
    Order allow,deny
    allow from .mystreamingvids.com
    It will process all allows first, and anything matching that will be allowed. The way you wrote it was with Deny from All. And since the order was deny, allow it will run the Deny rules first. Deny from all is a hit and therefore, no access.

    The missing dot in front of the domain may help fix this, if there is perhaps a DNS record not properly configured somewhere. I would suggest using the IP address/range you want to allow instead, but YMMV.
    Last edited by scathefire; 07-29-2010 at 03:14 PM.
    linux user # 503963

  6. #5
    Just Joined!
    Join Date
    Jul 2010
    Posts
    6

    re

    Quote Originally Posted by scathefire View Post
    perhaps a quick read from here ] might muddy the water a bit.

    I would say try to make you htaccess file read like this:
    Code:
    Order allow,deny
    allow from .mystreamingvids.com
    It will process all allows first, and anything matching that will be allowed. The way you wrote it was with Deny from All. And since the order was deny, allow it will run the Deny rules first. Deny from all is a hit and therefore, no access.

    The missing dot in front of the domain may help fix this, if there is perhaps a DNS record not properly configured somewhere. I would suggest using the IP address/range you want to allow instead, but YMMV.
    thanks for the input however the htaccess code blocked my site as well to access the files (blocked all sites!)
    And the apache page I read over many times but unfortunately nothing worked.
    Any suggestions?

  7. #6
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    i might understood what the problem is. *ehm* you have files which are shown on your webpage, right? thus they may are referenced there directly? hence a user accesses these files without passing by your site, right? so it is not your site that is being blocked, but the user who accesses the files because he tries to access them directly. to get it working you would need a proxy or something else that transparently downloads and redirects the content.

  8. #7
    Just Joined!
    Join Date
    Jul 2010
    Posts
    6
    I don't think users access the files without passing my site since the files are flv videos and users only stream them through the FLV player on my site, so users access files through my player in this format: mysite(dot)com/player.swf?file=path_to_file_on_other_server/vids/file.flv

  9. #8
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    tail -f the logfiles to see who requests your files (access.log) in realtime. then open a flv on your website. there should pop up a message like:

    GET <ip> ....flv

    if you see that the ip differs from your server ip and matches your computers ip, then users access the files directly, which is probably the case because flv is being executed on the client and retrieves data from your server if requested (loaded).

    if this theory holds, you will have to buffer/redirect things transparently on your server by mounting it via nfs or using the apache with proxy directives.

  10. #9
    Just Joined!
    Join Date
    Jul 2010
    Posts
    6

    re

    I looked at my DirectAdmin log viewer for apache access log however it doesn't show any flv files that have been accessed, isn't strange? I am able to see the proftpd log and I see all my ftp uploads. So where I can see the log to files accessed through my streaming site? here is a shot of my log on the DA

    a.imageshack(dot)us/img713/6002/accesslog.jpg

    I also accessed the log via putty and it showed the same

    here is a small portion of how the apache access.log look like:
    [30/Jul/2010:03:48:32 -0600] "GET /user/soapCaller.bs HTTP/1.1" 404 566
    [30/Jul/2010:03:48:32 -0600] "GET /user/soapCaller.bs HTTP/1.1" 404 566
    [30/Jul/2010:02:17:10 -0600] "GET /main/e107_files/e107.js HTTP/1.1" 404 571
    [30/Jul/2010:02:17:09 -0600] "GET /content/e107_files/e107.js HTTP/1.1" 404 574
    [30/Jul/2010:02:17:09 -0600] "GET /portal/e107_files/e107.js HTTP/1.1" 404 573
    [30/Jul/2010:02:17:09 -0600] "GET /cms/e107_files/e107.js HTTP/1.1" 404 570
    [30/Jul/2010:02:17:08 -0600] "GET /e107/e107_files/e107.js HTTP/1.1" 404 571
    [30/Jul/2010:02:17:07 -0600] "GET /e107_files/e107.js HTTP/1.1" 404 566

  11. #10
    Just Joined!
    Join Date
    Jul 2010
    Posts
    6
    any other ideas??

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •