[sambro]

Well I made that name up on the spot. The boring name is sv_downloadurl_protection.

I have been trying to come up with a way to effectively prevent the possibility of other servers from using your sv_downloadurl themselves and letting users leech off your precious bandwidth.

The problem is Valve are pathetically lazy, and Steam does not pass the Referer along the line when it makes requests to your web server from HLDS. This means you can't really differentiate between Mr. EvilLeechers server and your own.

As a side note, they implemented the referer system in SRCDS, I believe the Referer is in the format of hl2://<IP of server>.

This plugin aims to solve the leeching problem with the combination of a .htaccess, a .php proxy, and a AMXX script.

Let's say your sv_downloadurl root is "http://www.testsite.com/naturalselection/". The .htaccess file provided will deny access to anything in this folder and any subfolders, with the exception of the PHP file also provided; file.php.

The file.php will check a IP address "whitelist" database table. If a user has been added to the whitelist, the PHP script will deliver the file (uses readfile(), shouldn't be a big memory hog, if anyone knows an even better way, let me know), otherwise it will 404 (basically telling a potential leech to sod-off).

There is also a Expiry system setup, if a user doesn't connect to the HTTP download server within 10 seconds, or there is more than a 10 second delay between file requests (shouldn't happen unless internet drops), then they are removed from the whitelist.

The AMXX script will watch for client connects, and when a client goes off to download files, their IP address will be added to the IP whitelist database table.

So in a nutshell, with this system it is 100% impossible for another server to directly leech your sv_downloadurl (unless they compromised your MySQL database). Also, with the fairly strict Expiry system set in place, it is very difficult for users to directly leech from you. The way they would attempt to achieve this is begin connecting to your server, disconnect quickly, then connect to another server which is using your HTTP server unlawfully. The chances of this happening are pretty slim anyway.

Let me know what you think. I'm pretty new to AMXX scripting, I think I did a crappy addon ages ago, but only just back into it yesterday, so if there's any nubbish mistakes in the code, be nice

INSTALLATION:
You need to have MySQL setup correctly, meaning valid login information in sql.cfg, and the mysql module enabled.

Your webserver needs PHP installed correctly, script has been tested in PHP4 and PHP5.

Your webserver also needs .htaccess support.

If you have all of the above, there is a few simple steps to take.

1) Open the file.php file, edit the database settings at the top of the file. Use the same settings you have set up in addons/amxmodx/configs/sql.cfg. There's also a couple of other settings you can tweak in there if you have experience.

2) Upload the .htaccess and edited file.php files to the sv_downloadurl root. For example if your sv_downloadurl is "http://www.testsite.com/naturalselection/" then upload the files into the naturalselection folder.

3) Edit your mods server.cfg file, and change the sv_downloadurl. Following the previous example, you need to change the sv_downloadurl from

http://www.testsite.com/naturalselection/

to:

http://www.testsite.com/naturalselection/file.php/

Make sure the link has the trailing slash.

4) Add the sv_downloadurl_protection.amxx file to your plugins directory and plugins.ini list.

5) Restart server.

6) ???

7) Profit.