.htaccess question

[Masali]

Hello!

I am going to set a cookie using javascript containing the users IP-address on a html page that links to a movie. The directory that contains the movie, is going to contain a htaccess that checks that IP in the cookie with the users IP. If they are the same, they are allowed to download the movie, else redirect.

But I don't know how I can do this with htaccess... I would be glad if you could help!

Thanks in advance

Masali

 

[philote]

You'll probably get better help if you post on the Apache forum, forum65.

 

[arcnon]

htaccess doesn't work like that. When you request a page that uses it you get a default page that asks for you user name and password. When you send the response it checks the url encoded user and password. If it matches it directs you to the page else the "your are not authorized".

Also the ip thing isn't a good idea if anyone goes to the cookie page then the download page they are always in the IP address will always match. I wouldn't think that this meets your needs.

final note make a list of your security/authorization needs and start from there in developing your solution.

 

[Masali]

Isn't that .htpasswd?

The htaccess is not for denying people the movie, just for protection from hotlinking the movie.

 

[philote]

.htaccess really just allows you to apply certain Apache directives to a particular directory. Normally this is for access purposes but it can also be used to allow the running of scripts, etc. I think what you may be able to do is get the cookie and set an environment variable based on the cookie's value and IP. Then you can allow access if that environment variable is defined. I'm not positive it's possible to do that though, that's why the Apache forum would be a better place to get info.

You can also check the referer (though this can be spoofed) to make sure they got to that directory from a link on your site. Look at the example on the bottom of this page.

 

[Masali]

The problem is when some mediaplayers open a video film, they don't send the refering url in the header, so it looks for the htaccess that they come from another place than my page.

I know there is possibility to read cookies using htaccess, something like this:

RewriteCond %{HTTP_COOKIE} !^.*ssid=valid.*$
RewriteRule .*\.(gif|GIF|jpg|JPG|mpg|MPG|Mpeg|mpeg|MPEG|rm|RM|avi|AVI)$

http://www.mydomain.com/403.htm

[R,L]

But i want the htacces to compare the data in the cookie if the ip is correct. I am going to set the cookie ssid to the users IP-address, and then compare the cookie with the ip-address checked by the htacess. THe thing I don't know is how you compare this cookie with the ip in htaccess, and I dont' know how to read the IP with javascript.

Best regards

Masali

 

[arcnon]

htaccess and htpasswd are 2 parts of the same critter.

A way to read the ip with javascript & SSI

var ip = '<!--#echo var="REMOTE_ADDR"-->'

function ipval() {
document.myform.ipaddr.value=ip;
}
window.onload=ipval
</script>

use a perl script to write htpasswd files something you could modify for your purposes

http://www.awtrey.com/support/scripts/htpass.php

Anyways matbe this can give you direction