Restricting access to directories for different transport protocols.

[Guest_imported]

Hi,

I am really stuck with something that I need to do urgently. I've tried all the FAQs and knowledge bases I can stomach, and I think it's a question that someone who knows could easily answer. Sorry if I'm flamebait for naively posting it here

Basically, I need to block http access to a given directory whilst allowing pnm (a realmedia transport) access. I have got as far as playing with htaccess and managed to bar http access (easy), but unfortunately it also barred pnm access.

My host provider's support people suggested I could do this sort of thing with htaccess, but it was a hand-waving sort of answer and they haven't been any further help.

First, am I on the wrong track? If not, does anyone know how to set this up, so I can go back to being a non-techie and bury my head in the sand?

Thanks so much,
Dan. (email: dan AT walrus DOT nu)

 

[ifincham]

Hi,







I've no way of testing the following but I think it will work.... The SetEnvIf directive can query various fields incl Request_Protocol and set an environment variable based on a regex of the value of the field. Typically Request_Protocol would have a value like HTTP/1.1. Presumably (and its only an assumption !) that would contain PNM if the url began pnm:// instead of http:// . So the following would hopefully set the environment variable 'protK' if the Request_Protocol began with 'PNM'. That is then used as a conditional allow.







SetEnvIf Request_Protocol ^PNM protK



<Directory /whatever>



Order Deny,Allow



Deny from all



Allow from env=protK



</Directory>







See -->

http://httpd.apache.org/docs/mod/mod_setenvif.html

and

http://httpd.apache.org/docs/mod/mod_access.html

.







Regards

 

[Guest_imported]

Thanks for your reply ... I've tested this with a few different combinations and it seems to just deny all requests to the directory in question.

I've had a glance at the pages you pointed me to and I believe it should all work, except I'm not sure about the Request_Protocol part (the examples show &quot;HTTP/1.1&quot; which doesn't look like it's part of the request line, and I have a scary feeling that pnm might be built on top of http or something).

Ok ... another thought: on the second page you showed me, there's a similar example using User-Agent. I wonder if realplayer could be distinguished from a browser by this somehow? That would do it for me, as what I'm basically trying to do is allow people to stream certain video files without being able to download them from their browser (eg right-click->save-as). Only problem is I have no way to know the User-Agent tag that realplayer uses ... any ideas?

One last idea depends on whether I can use Referrer and put the full filename, to check it's streaming from the .ram file not being right-clicked off a link? I will play with this and let you know if it works.

Thanks again,
d.

 

[Guest_imported]

That last idea didn't work, but it could be my syntax. How would I refer to

http://www.mydomain.thingy/directory/test.ram

?

Also, if I can't do it by file, can I do a directory, eg

http://www.mydomain.thingy/secure

?

This would float my boat. Also, do I need the <Directory> bits if the .htaccess file resides in the directory in question? Just out of interest ...

d.

 

[Guest_imported]

Ok ... this is as far as I can get by myself:

SetEnvIf BrowserMatch ^RealPlayer protK
<Directory /tv/secure>
Order Deny,Allow
Deny from all
Allow from env=protK
</Directory>

It seems to ban all access to files in that directory, even when I type the URL of the file directly into RealPlayer. Can anyone see what I'm doing wrong here? This is getting increasingly urgent and I'm not getting very far by myself.

Thanks,
d.