Forbidden Direct Download HTTP Filter

• Download source - 8.03 KB
• Download ready-to-use DLL - 687 KB

Introduction

This DLL will enable an IIS website to redirect all requests to the home page when there are requests for EXE, RAR, Zip files that have no reference or have a reference from outside of your own web site. For example, if someone tries to download http://www.yoursite.com/download/dd.exe by clicking on that link from another site, they will be redirected to http://www.yoursite.com/.

Background

A few days ago, I discovered that 80% of the traffic to my website is to download an EXE file which I give as a free download on the Internet. After check with the page view traffic, I found that users were downloading the EXE file without even looking at my web page. :( I did some search on the Internet and realised there are no free tools to stop this and to find the difference between direct download from a link in another site and download from my own website. I decided to write an HTTP filter to do this.

Key knowledge: When downloading a file from your website by clicking on a link from another website, the page will have an HTTP_Reference value which has the name of the other website. For example, if someone tries to download http://www.arcai.com/download/netcut.exe by clicking on that link from http://www.othersite.com/downloadlink.html, then the HTTP request to your website will come with a HTTP_REFERER: http://www.othersite.com/downloadlink.html.

If someone tries to download files directly (not from another web page), the HTTP_REFERRE will be empty. And, if someone tries to download http://www.arcai.com/download/netcut.exe by clicking on a link from your own website, then the HTTP_REFERER will have your website's URL.

This can be detected by programming on the HTTP FILTER DLL project.

So, a few hours later, this project was released. It is very simple: a one line fix to the source code of the default ISAPI project of VC++ 2003. Actually, only one virtual function has been overwritten. No configuration is needed to use this tool. I had this tool enabled on one of my sites with in a second after its release. And, it has been running very well. Here is a demo. Click on the link, and you will be taken to http://www.arcai.com/, and from there, click on the download link, and you can then download the file.

Using the code

There are two parts that were modified in the default CHttpFilter project.

1. I addrf a SF_NOTIFY_URL_MAP to dwflags, so our OnUrlMap will be run.

//
//
BOOL CNoDirectExeFilter::GetFilterVersion(PHTTP_FILTER_VERSION pVer)
{
   CHttpFilter::GetFilterVersion(pVer);

   pVer->dwFlags &= ~SF_NOTIFY_ORDER_MASK;

   pVer->dwFlags |= SF_NOTIFY_SECURE_PORT | SF_NOTIFY_NONSECURE_PORT | 
                       SF_NOTIFY_END_OF_NET_SESSION | SF_NOTIFY_URL_MAP;
   pVer->dwFlags |= SF_NOTIFY_ORDER_LOW;

   TCHAR sz[SF_MAX_FILTER_DESC_LEN+1];
   ISAPIVERIFY(::LoadString(AfxGetResourceHandle(),
         IDS_FILTER, sz, SF_MAX_FILTER_DESC_LEN));
   _tcscpy(pVer->lpszFilterDesc, sz);
   return TRUE;
}

2. We overwrite a virtual function OnUrlMap. This function checks all the HTTP requests, and deals with all requests for EXE, zip, and RAR files (you can add more file extensions to the source code by simply fixing it).

DWORD CNoDirectExeFilter::OnUrlMap(CHttpFilterContext* pfc, 
                          PHTTP_FILTER_URL_MAP pUrlMap)
{
   DWORD dwSize;
   
   CString sPath;
   sPath=pUrlMap->pszURL;
   sPath=sPath.Right(3);
   if(sPath.MakeLower()!="exe"&&sPath.MakeLower()!= 
             "zip"&&sPath.MakeLower()!="rar")
      return SF_STATUS_REQ_NEXT_NOTIFICATION;
   //if add more file ext here.

   
   bool bHaveReferer=false;
   
   char szAddress[255];
   memset(szAddress,0,255);
   dwSize = sizeof(szAddress);
   
   CString Referer;   
   
   //Get HTTP_REFERER Value

   if (pfc->GetServerVariable("HTTP_REFERER", szAddress, &dwSize))
   {       
      Referer=szAddress;
      Referer=Referer.MakeLower();
      bHaveReferer=true;
   }

   memset(szAddress,0,255);
   dwSize = sizeof(szAddress);
   //GET SERVER VALUE   

   CString ServerName;
   if(pfc->GetServerVariable("SERVER_NAME", szAddress, &dwSize))
   {
         ServerName=szAddress;
         ServerName=ServerName.MakeLower();
         if(bHaveReferer)
         {
            if(-1==Referer.Find(ServerName))
               bHaveReferer=false;
         }
   }

   if(!bHaveReferer)
   {
      CHAR szRedirect [256];
      
     sprintf(szRedirect, "Location: http://%s\r\n\r\n", ServerName.GetBuffer(0));
     pfc->ServerSupportFunction ( SF_REQ_SEND_RESPONSE_HEADER, 
            (LPVOID) "302 Redirect", 
            (DWORD *) szRedirect, 
            0 );
     
      // we are done with this request

      return SF_STATUS_REQ_FINISHED_KEEP_CONN;
   }
    
   return SF_STATUS_REQ_NEXT_NOTIFICATION;
   return CHttpFilter::OnUrlMap(pfc, pUrlMap);
}
//

How to use

1. Download the ready-to-use DLL file, and unzip the files into any folder accessible by IIS, like C:\winnt\system32\.
2. Go to the ISAPI filter setting of the website which you want to enable these features.
3. Click on the Add button and select nodirectexe.dll.
4. Restart W3SVC.

Now, all your EXE, zip, and RAR files are under the protection of this DLL. All direct downloads and downloads by click on links other than that on your own website will be redirected to your front page URL.

Points of interest

Do it yourself sometime is the only and the best way. Oh, you will need C++ !!. :)

History

This is first time release. My home Page will have a more recent version released.