0

I have a password-protected directory with hundreds of users in an htpasswd file.

I want to allow download of files on these conditions:

  1. Check if the username is valid (already done).
  2. Check if another connection with the same username exists. (There are modules to check whether a connection from the same IP exists, but I have not found any based on username.)
  3. If 2 is correct, check if both connections come from the same IP.

In other words, how to limit each user to download from only 1 IP simultaneously?

I've seen hundreds of articles and questions about how to limit the number of connections based on IP, but none based on user. To clarify, by a user I am referring to a valid-user in the htpasswd file.

An example: let's say I have an htpasswd with the following users:

```
simon:$apr1$oL5flt.H$ayy6GOm0TblhH3lJXqf9o0
john:$apr1$JLGdTKlz$72ImnSlauIsCRV4lkrqE3/
```

and I've added `require valid-user` to htaccess.

  • john connects to get file.zip from 192.168.2.8 with 1 connection. (allow)
  • john makes another 31 connections, for a total of 32 (or any number really), from 192.168.2.8. (allow) [because the IP matches the already active connections]
  • john connects from 192.168.2.9 to get any file before closing the previous connections. (deny) [because the active connections have a different IP]
  • simon connects from 192.168.2.8 (same IP as the active connections). (allow) [no other connections from simon]
  • john from 192.168.2.8 finishes downloading file.zip.
  • john from 192.168.2.9 wants to download a file. (allow)

Thanks in advance.

Bor691
  • 213
  • 4
  • 14
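
The allow/deny rule from the question, written out as an added example (not code from the question, the answer, or Apache): a reference-counted tracker that pins each user to the IP of their open connections. The class and function names are hypothetical, and how `acquire`/`release` get called from the web server at request start and end is assumed, not shown.

```python
import threading


class UserIpLimiter:
    """Any number of concurrent connections per user, but from one IP at a time."""

    def __init__(self):
        self._lock = threading.Lock()
        self._active = {}  # username -> [pinned_ip, open_connection_count]

    def acquire(self, user, ip):
        """Call when an authenticated request starts. True = allow, False = deny."""
        with self._lock:
            entry = self._active.get(user)
            if entry is None:
                self._active[user] = [ip, 1]  # first connection pins the IP
                return True
            if entry[0] != ip:
                return False  # user still has open connections from another IP
            entry[1] += 1
            return True

    def release(self, user, ip):
        """Call when an allowed request ends, including aborted transfers."""
        with self._lock:
            entry = self._active.get(user)
            if entry is None or entry[0] != ip:
                return  # denied or unknown connection: nothing to undo
            entry[1] -= 1
            if entry[1] == 0:
                del self._active[user]  # last one closed: user may switch IP


def replay_question_scenario():
    """Replays the steps listed in the question, using its users and addresses."""
    lim = UserIpLimiter()
    results = [lim.acquire("john", "192.168.2.8")]                 # 1st connection
    results.append(all(lim.acquire("john", "192.168.2.8")
                       for _ in range(31)))                        # 32 in total
    results.append(lim.acquire("john", "192.168.2.9"))             # other IP, active
    results.append(lim.acquire("simon", "192.168.2.8"))            # other user
    for _ in range(32):
        lim.release("john", "192.168.2.8")                         # file.zip done
    results.append(lim.acquire("john", "192.168.2.9"))             # now free to move
    return results


if __name__ == "__main__":
    print(replay_question_scenario())
```

State lives in one process here, so a multi-process server needs a shared store, and a missed `release` leaves the user pinned to the old IP until the entry is cleared.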

1 Answer

0

Use iptables? This below may not be perfect but I hope it points you in the right direction. If you have multiple virtual hosts, where you don't want this restriction, you may have to place it on a separate IP or play with the destination a bit.

```
/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 1 -j REJECT --reject-with tcp-reset
```
David Eisen
  • 633
  • 5
  • 21
  • How is this related to the question? I specifically noted in the question that I don't want to `limit connection based on ip` but rather based on `username` in the htpasswd file. There are like 50 questions about what you said on Server Fault; please read the question again... – Bor691 Aug 09 '14 at 15:39
  • Also, in the question I noted that each user should be able to get over 32 connections from the same IP. Your solution does not allow that, yet it allows the same user to download from multiple IPs, so it is kind of the opposite of what I asked for... Although I thank you for your time to post an answer, unfortunately it was not really helpful :( – Bor691 Aug 09 '14 at 15:43