I am lost in a problem and I have been working on it for two days – but could not find a solution. It would be great if someone could help me – thanks!
I built a website for a customer with protected pages by Front End User module where his customers can log in and download software and brochures. Everything works fine.
But now my customer found out that everybody who can log in can copy
the download link for software or any other file and could give it away without permission.
My customer wants me to block downloads when not logged in. I tried it with htaccess file and the referrer variable but could either get blocked everything or nothing. The download link worked without being logged in – or it didn't work when logged in.
I searched around – it seems to be called "deep linking". But there is not really a working solution – being it javascript or server redirecting.
The one thing I found as a plugin (tag) in the CMSms was "Secure file download". But it was 13 years old and incomplete.
There are two modules "Download Manager" (very old) and its fork "JMDownMan". But JMDownMan seems to be made for new lists of downloads (and it still is a Release Candidat).
I was also experimenting with the tag "metadata soawbase=false" and had hoped to block absolute urls e.g. http://www.mydomain.de/downloads/file.pdf via htacces. While allowing downloads via relative links e.g. /downloads/file.pdf. Didn't work either.
Could someone help or give me a hint? This would be great!
Thanks a lot for helping
Reinhard
System info:
Code: Select all
----------------------------------------------
Cms Version: 2.2.8
Installed Modules:
▪ AdminSearch: 1.0.4
▪ CGExtensions: 1.61.3
▪ CGSimpleSmarty: 2.2
▪ CMSContentManager: 1.1.6
▪ CMSMailer: 6.2.14
▪ Captcha: 1.0
▪ CmsJobManager: 0.1.3
▪ DesignManager: 1.1.4
▪ ExaExternalizer: 0.6
▪ FileManager: 1.6.7
▪ FilePicker: 1.0.3
▪ FormBuilder: 0.8.1.6
▪ FrontEndUsers: 2.12.2
▪ MenuManager: 1.50.3
▪ MicroTiny: 2.2.2
▪ ModuleManager: 2.1.4
▪ NMS: 2.13.2
▪ Navigator: 1.0.9
▪ News: 2.51.4
▪ Search: 1.51.5
▪ TinyMCE: 3.2-beta6
Config Information:
▪ php_memory_limit:
▪ max_upload_size: 96000000
▪ url_rewriting: mod_rewrite
▪ page_extension: .html
▪ query_var: page
▪ auto_alias_content: true
▪ locale:
▪ set_names: true
▪ timezone: Europe/Berlin
▪ permissive_smarty: false
Php Information:
▪ phpversion: 7.2.29
▪ md5_function: An (Ja)
▪ json_function: An (Ja)
▪ gd_version: 2
▪ tempnam_function: An (Ja)
▪ magic_quotes_runtime: Aus (Nein)
▪ E_ALL: 32767
▪ E_STRICT: 2048
▪ E_DEPRECATED: 8192
▪ test_file_timedifference: No time difference found
▪ test_db_timedifference: No time difference found
▪ create_dir_and_file: 1
▪ memory_limit: 256M
▪ max_execution_time: 600
▪ register_globals: Aus (Nein)
▪ output_buffering: 0
▪ disable_functions: show_source, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, system, apache_note, apache_setenv, closelog, debugger_off, debugger_on, define_syslog_variables, openlog, syslog, popen, pclose, ini_restore, symlink, ini_alter, disk_total_space, diskfreespace, dl, backtick_operator, set_time_limit
▪ open_basedir:
▪ test_remote_url: Erfolgreich abgeschlossen
▪ file_uploads: An (Ja)
▪ post_max_size: 96M
▪ upload_max_filesize: 96M
▪ session_save_path: /tmp (1777)
▪ session_use_cookies: An (Ja)
▪ xml_function: An (Ja)
▪ xmlreader_class: An (Ja)
▪ check_ini_set: An (Ja)
▪ curl: An
Performance Information:
▪ allow_browser_cache: An (Ja)
▪ browser_cache_expiry: 60
▪ php_opcache: An (Ja)
▪ smarty_cache: Aus (Nein)
▪ smarty_compilecheck: Aus (Nein)
▪ auto_clear_cache_age: An (Ja)
Server Information:
▪ Server Software: Apache
▪ Server Api: cgi-fcgi
▪ Server Os: Linux 2.6.32-954.3.5.lve1.4.77.el6.x86_64 An x86_64
▪ Server Db Type: MySQL (mysqli)
▪ Server Db Version: 5.7.29
▪ Server Db Grants: Es konnte keine „GRANT ALL“-Berechtigung gefunden werden. Dies kann bedeuten, dass Sie bei der Installation oder beim Entfernen von Modulen, oder sogar beim Hinzufügen und Löschen von Elementen, einschließlich Seiten, Probleme haben könnten.
Permission Information:
▪ tmp: /var/www/vhosts/7/140335/webspace/httpdocs/carecom-solutions.com/tmp (0755)
▪ tmp_cache: /var/www/vhosts/7/140335/webspace/httpdocs/carecom-solutions.com/tmp/cache (0755)
▪ templates_c: /var/www/vhosts/7/140335/webspace/httpdocs/carecom-solutions.com/tmp/templates_c (0755)
▪ modules: /var/www/vhosts/7/140335/webspace/httpdocs/carecom-solutions.com/modules (0755)
▪ uploads: /var/www/vhosts/7/140335/webspace/httpdocs/carecom-solutions.com/uploads (0755)
▪ Maske zum Erstellen von Dateien (umask): /var/www/vhosts/7/140335/webspace/httpdocs/carecom-solutions.com/tmp/cache (0755)
▪ config_file: 0444
----------------------------------------------