Portal Home > Knowledgebase > Articles Database > Prevent other sites from leeching my form?
Prevent other sites from leeching my form?
| Posted by kohkindachi, 06-14-2009, 10:38 PM |
| Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth
|
| Posted by Doh004, 06-14-2009, 10:52 PM |
| So you're running a semi-proxy service for people? The file gets downloaded through your server, to the client?
Anyways, there are multiple ways to remedy this.
1. Check the referer when you're retrieving the link the user requests. If it's not coming from either http://mydomain.com or http://www.mydomain.com, then don't process anything and return to the page. People can fake where their referer is coming from, so it isn't foolproof. It is something you should check for to prevent though.
2. Check against the session ID. Have the ID passed in the URL in the query string, and check if the value in the query string is the same as the user's current session ID. If it isn't, return to the page.
Last edited by Doh004; 06-14-2009 at 10:55 PM.
|
| Posted by AquariusStorage, 06-14-2009, 11:29 PM |
| I'd recommend you checking here for a good PHP download script that supports what Doh004 is talking about
http://www.hotscripts.com/category/p...nload-systems/
|
| Posted by sribasu, 06-15-2009, 07:17 PM |
| Don't go for 3rd party scripts. I think Session ID is the best procedure to prevent remote access. Create session on form page and verify session on download page.
|
| Posted by kohkindachi, 06-16-2009, 12:12 AM |
| Ok thanks guys. That fellow really fake the referrer
|
Add to Favourites 
Print this Article
Also Read
