-
Notifications
You must be signed in to change notification settings - Fork 0
Automatically exported from code.google.com/p/mod-auth-token
License
Theoderich/mod-auth-token
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
This module uses token based authentication to secure downloads and prevent deep-linking. Have your script or servlet generate a token to authenticate the download and let Apache handle the file transfer without having to pipe it through a script for security. You can find downloads, daily snapshots and support information at http://code.google.com/p/mod-auth-token/ USAGE The token is an hex-encoded MD5 hash of the secret password, relative file path and the timestamp. It is encoded onto the URI as: <uri-prefix><token>/<timestamp-in-hex><rel-path> For example /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt where the token is generated as md5("secret" + "/path/to/file.txt" + dechex(time_now())) you can add in the md5 hash the ip (and not the hostname) of the client to limit by ip. If you do so, enable AuthTokenLimitByIp in the config file of apache with the following configuration in httpd.conf <Location /protected/> AuthTokenSecret "secret" AuthTokenPrefix /protected/ AuthTokenTimeout 60 AuthTokenLimitByIp off </Location The actual file would be located in /protected/path/to/file.txt CREDITS Implementation ideas were taken from mod_secdownload for LIGHTTPD - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload
About
Automatically exported from code.google.com/p/mod-auth-token
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published