http redirect and blocking leeching?

DG1 · 2004-05-22 22:28:10 UTC

Anybody know of a way to have a http/ftp fileserver for use as a ET http redirect, but not serve the files if someone copies the url etc and sticks it as a http redirect on their own server? Preferably not from someone googling the filename either, though there’s some “robots” file or whatever that can reduce that aswell i think?

SCDS_reyalP · 2004-05-23 05:48:43 UTC

I would look at what kind of requests the ET download client sends. While they can be spoofed, if the referrer or user agent were unique, that could help.

Hmmm, it doesn’t look too good from the packet capture:


----- HTTP Client Request ----- - [54-211]
[158 byte(s) of data]
 GET /etmain/v2_factory_b1.pk3 HTTP/1.1 - [54-91]
 Accept: */* - [94-104]
 TE: trailers - [107-118]
 Host: 66.98.138.72 - [121-138]
 User-Agent: ID_DOWNLOAD/1.0 libwww/5.3.1 - [141-180]
 Connection: TE,Keep-Alive - [183-207]

###############################################################

Useragent is unique, so you could likely stop most random googlers and bots. Other people setting their ET redirects to your page looks rather harder.

I suppose you could get really tricky with your firewall and only allow HTTP requests from someone who had recently sent you a UDP on your ET server ports. I’m pretty sure you could get at least most of the way there with the stuff available in linux, but you might have to write some glue code. On windows, I suspect this would require additional software :moo:

edit:
A simple way to prevent people from configuring their server to use your downloads would be to have the URL changed every time you start the server, eg /whatever/<some random number generated by a script>/etmain/blah.pk3

Change this once a day, and most people will look elsewhere. Your script needs to not only move the files, but also set the path in your server config. You could probably do that with an rcon bot of some kind, and thus avoid having to restart the server.

BSDman · 2004-05-23 09:55:21 UTC

hmmm, would need some pretty advanced stuff, not something your average user has access to. not unless u rent a dedicated server or have shell access.
Leaching is a major prob, at one time i had logs of hundreds of downloads from one of the clanbase servers, or that was the logged address the files were being downloaded from, not sure exactly what was going on there but had to move them since it was doubling my BW.

evilsock · 2004-05-23 10:44:03 UTC

Is there no way you could enforce this via a cookie? Have them go to your website, write a cookie and if the cookie doesn’t exist then they aren’t legit and no download?

DG1 · 2004-05-23 17:25:56 UTC

dont think the et client accepts cookies

I guess reyalp’s simple way is probably the method, maybe with a file not found page - which causes a bit of havoc when it suddenly appears infront of et