Question about "Files filter"

Hardy · **on:** April 11, 2012, 11:13:41 AM

Hello.
I am using HFS as FastDownload for game servers, and i have question:
Is there any way to whitelist file extensions, which users can download?
For example: i need to allow access only for *.bsp and such files, but need to restrict access to *.cfg and *.lua.
I tried to set up files filter like that:
*.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;*.vvd;*.phy;*.vmt;*.vtf;*.ain;*.pcf;*.ttf;*.dua;*.dat;*.ztmp;\*.lua;\*.dll;\*.txt
But i still can download any file, if i know full path to it (i disabled file browsing)
How to fix that? And is there any whitelist feature, to make "files filter" act like whitelist, restricting access to other file types?
Thanks in advance.

Running 2.3 beta, build 279

Hardy · **Reply #1 on:** April 11, 2012, 11:25:46 AM

I even tried it like that:
\*.lua;*.dll;*.txt
and like that:
\*.lua;\*.dll;\*.txt
but it's still totally ignoring that field, allowing some skilled person to download valuable configs and scripts from my server. Help!

Mars · **Reply #2 on:** April 11, 2012, 11:33:05 AM

with this filter of files, you can make two choice

hide all files except : *.bsp;*.bz2;*.wav;*.mp3;*.res;*.mdl;*.vtx;..... without the \

view all files except : \*.lua;*.dll;*.txt;*.cfg ... with one \ at first

there are only the two syntax

Hardy · **Reply #3 on:** April 11, 2012, 11:34:04 AM

So, there is no way to restrict download for certain file types? Only hide them?
Because all FastDL folders is marked for "Recursively hidden" anyway, but person who knows full path to file can still download it. That's why i need that kind of restrictions.

Mars · **Reply #4 on:** April 11, 2012, 12:10:06 PM

The alternative is to create a virtual directory and add all the files that can be downloaded, as virtual in this folder, then new files will be added individually to the virtual list.

Hardy · **Reply #5 on:** April 11, 2012, 12:25:45 PM

No, it's not alternative for me, cause sometimes i'm adding gigatons of content, and adding each file manually...
Anyway, i found a solution - eventscripts:

[+download]
{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}

Thank you for your help

Mars · **Reply #6 on:** April 11, 2012, 12:40:05 PM

think about set the filter to hide these files

raybob · **Reply #7 on:** April 11, 2012, 03:13:55 PM

I think Events would have been the way to go from the start. Why use something that's pre-programmed when you can control it yourself?

Mars · **Reply #8 on:** April 11, 2012, 04:54:44 PM

macros and events are a step to which I contributed a lot, but when we seek safety, it is best to use what is available in the exe, because the customized template and event files are volatile and that the slightest conception error may leave your website without protection

the best choice will depend on the level of security and portability, because in this case with an event, it is the entire VFS is locked for these files and not only one directory.

rejetto · **Reply #9 on:** April 15, 2012, 12:53:33 PM

Quote from: Hardy on April 11, 2012, 12:25:45 PM

{.disconnection reason|Too much hax|if={.match|*.txt|%url%.} {.match|*.cfg|%url%.} {.match|*.lua|%url%.} {.match|*.dll|%url%.} {.match|*.so|%url%.}.}

try a single {.match|*.txt;*.cfg;*.lua;*.dll;*.so|%url%.}

Question about "Files filter"

Hardy

Question about "Files filter"

Hardy

Re: Question about "Files filter"

Mars

Re: Question about "Files filter"

Hardy

Re: Question about "Files filter"

Mars

Re: Question about "Files filter"

Hardy

Re: Question about "Files filter"

Mars

Re: Question about "Files filter"

raybob

Re: Question about "Files filter"

Mars

Re: Question about "Files filter"

rejetto

Re: Question about "Files filter"