mod_auth_token 1.0.1 review
Downloadmod_auth_token module uses token based authentication to secure downloads and prevent deep-linking. Have your PHP script or servle
|
|
mod_auth_token module uses token based authentication to secure downloads and prevent deep-linking.
Have your PHP script or servlet generate the to authenticate the download. Apache can then treat the download request like a normal file transfer without having to pipe the file through a script in order to add authentication.
You can find downloads, daily snapshots and support information at http://www.synd.info/
Usage:
The token is an hex-encoded MD5 hash of the secret password, relative file path and the timestamp. It is encoded onto the URI as:
< uri-prefix >< token >/< timestamp-in-hex >< rel-path >
For example
/protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt
where the token is generated as
md5("secret" + "/path/to/file.txt" + dechex(time_now()))
with the following configuration in httpd.conf
< Location /protected/ >
AuthTokenSecret "secret"
AuthTokenPrefix /protected/
AuthTokenTimeout 60
< /Location >
The actual file would should be located in
/protected/path/to/file.txt
Requirements:
Apache 1.3.x
mod_auth_token 1.0.1 search tags