MonitorWare Knowledge Base

Hi,

I have two questions:

1. How can I redirect users (to a particular URL) if they try to access files in a particular directory with in the IIS site? e.g Look at sophos site:

http://www.sophos.com/downloads/product ... l/angz.exe

You try to access the above exe (Antivirus software) from their site by typing in the above URL in your browser then you get redirected to their home page. However If you register with them and then download after filling in the registration form then it let's you download it. I would like to know how this is configured so that I can provide the same feature on my site.


2. I would like to embed a flash file in one of html pages so that users can view that flash file if they access the html page. However I don't want users to download this flash file by directly typing the URL.

e.g: If html is available at: http://www.domainname.com/test.htm
and I embed flash file in this html page using <embed src="http://www.domainname/flash/flash.swf"> tag.

What rights do I need to set on flash directory so that all files in that directory can't be accessed directly using client browser (by typing http://www,domainname.com/flash/flash.swf) but indirectly via html page on domainname site?

Is this possible?

Thanks

Hi,

to your first question.
You can do this in two ways.
1. You create a asp page with the following script content and you use this asp page as download link.

Code: Select all

<%@ LANGUAGE="VBScript" %>
<%
Response.Redirect("http://www.sophos.com/downloads/products/sophos_files/full/angz.exe")
%>


2. You create a empty textfile called Something.exe and you place it on your web server like this: www.myserver.x/Something.exe
When opening your website in the IIS Manager, you can RightClick this File and set a redirect to another URL for it. The important thing is that the file exists (It can just be an empty textfile).

To your second question. It is not possible to block access directly to the flash, but to have it embedded into another html site.

Hi Andre,

Thanks for your reply. To my understanding, the two ways that you have mentioned will always redirect users to a specified URL. However what I need is:

1. I want users to download few files from my site
2. However before they start downloading they should fill in some form (Come via a particular page)
3. If they try to download that file directly by typing in the URL then they should either get redirected to home page or see some message that you are not authorised.


Sophos site is the best example that I wish to replicate on my site. You type in the following URL in your browser and try to download the file. It will redirect you:
http://www.sophos.com/downloads/product ... l/angz.exe

However if you register with them and then click on the same link (After registering you will see options to download antivirus on a HTML page), downloading will start. I don't think that Sophos site is using any scripting language to perform this task. Looks like it is all set in IIS.


Thanks

Hi,

in this case you will need to create a server side script with a html form where you can enter all the details you want.

We have somethign similar on our download sites, look here for a sample: http://www.winsyslog.com/en/download/

However, you will need to create a script yourself, possible you find some help here: http://www.hotscripts.com/ASP/Scripts_a ... more3.html

Hi,

Thanks for a quick response. I checked on your site and I found that If I type in the following URL (which is the very first product that is available for download on HTML page, after registration), it lets you download the exe file:

http://adiscon.org/download/wnsyslog37.exe

Follow the following steps:

1. Open a browser window
2. Access http://adiscon.org/download/wnsyslog37.exe
3. Downloading will start

Now Follow the following steps:
1. Open a browser window
2. Access http://www.sophos.com/downloads/product ... l/angz.exe
3. Downloading will not initiate. Instead it will take you to some other page.
4. Now on that page click on " I would like to evaluate Sophos software "
5. Choose Home user, any country and click submit
6. Fill in registration form and click submit
7. On next page, click on "Sophos Anti-Virus for Windows NT/2000/XP"
8. On next page, click on "Sophos Anti-Virus for Windows NT/2000/XP"
9. Now click on "angz.exe" link and downloading will start
10. Now open a new browser window and try to access the same download URL that is: http://www.sophos.com/downloads/product ... l/angz.exe

and it won't let you download the file. It only lets you download the file in the same browser window where you registered. One way of doing this is using session variables but in this (Sophos) case the URL is directly pointing to the exe file rather than any script file (ASP, JSP, CFM).

Cheers...
Viv

However If I type in

Well, let me jump in. I am not sure what you are trying. If you intend to have a customer evaluate a product, I think Sophos approach is not very smart...

... and I would think twice before doing the same thing.

Look, our ultimate goal is to have the customer evaluate the product. As a side-effect, we would also like to gather some data that helps us streamline our web-presence, resource placement (geographical spread of web servers) and link-partners. Howerver, this is not that important to us. Not even the real name or email address, as we don't intend to spam customers (another easy way to make them go away ). So we are quite happy if someone comes along the direct link (which may change due to technical requirements) we are happy to serve this file. No big deal if somebody goes ahead and "reverse-engineers" this...

Obviously, if you intend to sell that file, this is not the way to go. Then you must make sure it is only downloadable after purchase.

But again, if you intend to make someone give your downloadable a try, I wouldn't try to make it to hard for these folks to get hold of it (I have to admit that current industry trends go into the opposite direction, which in my point of view is a total failure and extremely bad customer service).

If you need this approach, you are right, there is no "out of the box" solution in IIS (or whatever web server I know). A decent level of programming is definitely required - and be sure to make it as bulletproof as possible (if you expect that people try to steal your digital good, you need to to apply a good level of anti-piracy technology - or use DRM). All of this, obviously, does not come for free and sometimes (see music industry) makes customers offset.

So my non-technical suggestion is to think hard about the requirements (if not already done so;)) - and if you need the restrictive approach, be sure to hire a good programmer with a prooven track record in secure systems.

My 2 cents...
Rainer

As you said you don't mind users downloading your products as you wish them to evaluate the software (As per your goal - which is brilliant). However in my case I don't wish them to evaluate. That is why I wish to restrict the access.

I came across Sophos site few days ago and couldn't manage to figure out how this is working as the link is poinging directly to the exe file. I am not very sure if they are using any programming language.

Anyway thanks for your 2 cents...and let me know if you manage to figure it out before me.

Cheers...
Viv

Hi,

for a fast solution in your case, use authentication in the directory where you are providing the Installation set.

The disadvantage with this is, you would either have one User account for all downloaders, or have to create a dedicated user account for each one.

Or you could have a page that reads the file and does a BinaryWrite to the client. That way you can keep the file outside of the web folders, and have it only accessible from the download page. That way there is no way someone can use a link to directly download the file, it would have to go through the download page.

Troy