mod_auth_token is a apache module that can be used to sign URLs, using this it can create time based urls that expire after a certain amount of time. It will prevent hot linking as the URLs will expire. This is particularly useful with video and image sharing.
To get started you will need to have an Apache installation already present. If you need to set this up please set Compile Apache 2.4 From Source.
Install mod_auth_token:
First ssh into the server and get the required packages:
cd /usr/src; wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mod-auth-token/mod_auth_token-1.0.5.tar.gz
Un-compress the archive:
tar xfvz mod_auth_token-1.0.5.tar.gz
Go into the directory
cd mod_auth_token-1.0.5
Configure it:
./buildconf && ./configure
Install It:
make && make install
Restart Apache to make sure it loads without a error:
service httpd restart
Make sure the module is loaded:
# httpd -M 2>&1|grep auth_token auth_token_module (shared)
You should see auth_token_module in the results
Configure Apache for mod_auth_token
You will need to edit the apache configuration and add the following to the domain you want protected by mod_auth_token:
<Location /download/> # Secret key, can be anything random AuthTokenSecret "randomstring" # directory to protect AuthTokenPrefix /protected/ # Timeout length, this is in seconds AuthTokenTimeout 300 # limit requsts by IP AuthTokenLimitByIp off </Location>
Restart Apache again:
service httpd restart
To test that it is working create a php file to generate a URL
<?PHP $secret = "randomstring"; // AuthTokenSecret $directory = "/[protected/"; // AuthTokenPrefix $hexTime = dechex(time()); // Time in Hexadecimal $url = "http://www.example.com"; // Replace this with the domain $filename = "/$filename"; // Filename $token = md5($secret . $filename. $hexTime); $url = $domainname . $protectedPath . $token. "/" . $hexTime . $filename; print $url; ?>
Go ahead and run that php script and it will output the URL, if you are able to access it. The module is working correctly. You can read more about mod_auth_token on code.google.com
