of course it is. full of flu atm, cant think straight :P As a quick test try putting httpd to full log level and write out all request headers (including HTTP_REFERRER) per request. Even if you do get a consistent referrer identifiable as being from your game servers http headers are easy to spoof, at most it would only cut out the casual person that redirects to your server for downloading. Anyone with their own httpd could append any number of headers to a client forward which would make it look like it was from one of your own servers.
Being a bit in the dark about this, but how much of a problem is this ? I mean there is the potential to serve a lot of Bandwidth to anyone that fancies hitting your site, but how much is it being exploited currently ? Anyone seeing over a GB of abuse a month ? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of List Keeper Sent: 15 September 2004 15:25 To: [EMAIL PROTECTED] Subject: Re: [hlds_linux] Referer for sv_downloadurl That wouldn't work because it's not the servers that request it. It's the clients. ----- Original Message ----- From: "McCormack, Chris" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 15, 2004 09:05 AM Subject: RE: [hlds_linux] Referer for sv_downloadurl > setup an httpd rule to only allow requests from allowed ip addresses (ie your > servers). > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Michael > McKoy > Sent: 15 September 2004 14:49 > To: [EMAIL PROTECTED] > Subject: Re: [hlds_linux] Referer for sv_downloadurl > > > Interesting that you should bring this up. I've been wondering the same.. > I've had a couple of people setup their server to leach off the url I use > for my own mapdownloads. Couldn't find any information on where the > clients were coming from, just saw them bouncing 404 on maps I don't have > up.. So I moved the folder :) > >> Maybe I missed something, but the discussion about referers >> for mapdownloads in cstrike seems to have ended mid july. >> >> Is it a secret feature you have to switch on or is it just not >> implemented yet? (someone mentioned, it works for dod) >> >> In that case, I'd like to bring this topic back to live. >> >> Regards, >> Suddenly _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux *********************************************** This e-mail and its attachments are confidential and are intended for the above named recipient only. If this has come to you in error, please notify the sender immediately and delete this e-mail from your system. You must take no action based on this, nor must you copy or disclose it or any part of its contents to any person or organisation. Statements and opinions contained in this email may not necessarily represent those of Littlewoods. Please note that e-mail communications may be monitored. The registered office of Littlewoods Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB. Registered number of Littlewoods Limited is 262152. ************************************************ _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
