Quantcast

block sv_downloadurl for client side

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

block sv_downloadurl for client side

helpme_please
hi

possible? for block or not show command sv_downloadurl for client side
because. other server will know and can use sv_downloadurl my server or your server

Make an impact high bandwidth.
and server can Not available. maybe this is ddos from other server

not good idea for show sv_downloadurl client side


What did you think? ...
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

Robin Groppe

If people really wanna know, they will anyways.


Am 08.08.2016 23:56 schrieb "helpme_please" <[hidden email]>:
hi

possible? for block or not show command sv_downloadurl for client side
because. other server will know and can use sv_downloadurl my server or your
server

Make an impact high bandwidth.
and server can Not available. maybe this is ddos from other server

not good idea for show sv_downloadurl client side


What did you think? ...



--
View this message in context: http://csgo-servers.1073505.n5.nabble.com/block-sv-downloadurl-for-client-side-tp11938.html
Sent from the CSGO_Servers mailing list archive at Nabble.com.

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

iNilo
Security through obscurity.

Hiding the download url will do NOTHING, anyone with anything like wireshark, or even a process explorer will get the URL.

If you are really bothered by people using your fastdl there are some stupid things you can do.

Corrupt the maps. hex edit surf_map_name, corrupt it, put in on your fastdl. use another version for your own.
Make a script that corrupts the maps automatically (php, whatever).
Make a script that changes the download url to something your fastdl will understand. http://example.com/sssxxxxyyyy/
backed by a (php,whatever) so it knows the url changed, this will automate the "randomness" and force whoever is using your url to change it manually.

Be creative or don't bother caring about it at all.

2016-08-09 0:00 GMT+02:00 Robin Groppe <[hidden email]>:

If people really wanna know, they will anyways.


Am 08.08.2016 23:56 schrieb "helpme_please" <[hidden email]>:
hi

possible? for block or not show command sv_downloadurl for client side
because. other server will know and can use sv_downloadurl my server or your
server

Make an impact high bandwidth.
and server can Not available. maybe this is ddos from other server

not good idea for show sv_downloadurl client side


What did you think? ...



--
View this message in context: http://csgo-servers.1073505.n5.nabble.com/block-sv-downloadurl-for-client-side-tp11938.html
Sent from the CSGO_Servers mailing list archive at Nabble.com.

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
ics
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

ics
In reply to this post by helpme_please
If you think someone is spying it and using on their server, your best
solution is to change the location daily. Like:

yourhost.com/login/downloadurl/maps -> yourhost.com/login/hithere/maps

If someone is ripping it, make sure you do it when they least expect it.
Maybe even change it after 2 hours, then differentiate the time between
changes. Eventually they get tired of this and give up because nobody
wants to have maps not downloading to users and server empty.

-ics

helpme_please kirjoitti:

> hi
>
> possible? for block or not show command sv_downloadurl for client side
> because. other server will know and can use sv_downloadurl my server or your
> server
>
> Make an impact high bandwidth.
> and server can Not available. maybe this is ddos from other server
>
> not good idea for show sv_downloadurl client side
>
>
> What did you think? ...
>
>
>
> --
> View this message in context: http://csgo-servers.1073505.n5.nabble.com/block-sv-downloadurl-for-client-side-tp11938.html
> Sent from the CSGO_Servers mailing list archive at Nabble.com.
>
> _______________________________________________
> Csgo_servers mailing list
> [hidden email]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

helpme_please
In reply to this post by iNilo
hum. yes i know wireshark. but i think hide sv_downloadurl. better
- Why client should know.
- Why other game... example BF3 4 not show link downloadurl to client
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

hlstriker
https://forums.alliedmods.net/showpost.php?p=1163147&postcount=10

I can't confirm if this works for CS:GO or not as I don't use this method. It *should*. Obviously the post is written for Apache web servers.. tailor it to fit whatever web server you use.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

Nomaan Ahmad
Remember that determined players can still find the real URL. But it's not that easy as typing sv_downloadurl while connected.

On 9 August 2016 at 02:11, hlstriker <[hidden email]> wrote:
https://forums.alliedmods.net/showpost.php?p=1163147&postcount=10

I can't confirm if this works for CS:GO or not as I don't use this method.
It *should*. Obviously the post is written for Apache web servers.. tailor
it to fit whatever web server you use.



--
View this message in context: http://csgo-servers.1073505.n5.nabble.com/block-sv-downloadurl-for-client-side-tp11938p11943.html
Sent from the CSGO_Servers mailing list archive at Nabble.com.

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers


_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

helpme_please
This post was updated on .
thank for help. xD  https://forums.alliedmods.net/showthread.php?p=1572227
but not work in csgo

Warning!
Don't use this in CS:GO game (or even L4D games)
Players stuck loading screen when they join to server.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

lay295
In reply to this post by helpme_please
Just use the suggestion hlstriker posted, or change your url often. Also you asked why clients should even know the url, well the clients needs to connect to it to download the files, and if the client connects to it at all then it's possible to find it.

You want a solution to your problem and people are giving you answers but you seem to be very set straight in just hiding the download url, well the short answer is you can't.

Best look into those http headers ;)
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

DKA- MUG
In reply to this post by helpme_please
Why not put the maps on steam workshop?
That way you don't need the download server.



> Date: Mon, 8 Aug 2016 19:05:24 -0700

> From: [hidden email]
> To: [hidden email]
> Subject: Re: [Csgo_servers] block sv_downloadurl for client side
>
> thank for help. xD https://forums.alliedmods.net/showthread.php?p=1572227
> but it not work for csgo
>
> Warning!
> Don't use this in CS:GO game (or even L4D games)
> Players stuck loading screen when they join to server.
>
>
>
> --
> View this message in context: http://csgo-servers.1073505.n5.nabble.com/block-sv-downloadurl-for-client-side-tp11938p11945.html
> Sent from the CSGO_Servers mailing list archive at Nabble.com.
>
> _______________________________________________
> Csgo_servers mailing list
> [hidden email]
> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

helpme_please
In reply to this post by lay295
yes i know. "if the client connects to it at all then it's possible to find it."
I mean hidden sv_downloadurl. Not show sv_downloadurl But still can download. lol

oh you sure ? for "well the short answer is you can't."
i found some csgo server. Now they can fake sv_downloadurl to client side

Why not put the maps on steam workshop?
because. i want to upload materials and models too.

I am tired change sv_downloadurl and fastDL. Every two hours.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

Niklas Grebe
Besides the already mentioned methods of cycling the download urls or these fake url plugin I would prefer to create a session bound to the clients IP on the fly while the server is doing the connection handshake. This would be a proper way of handling this “issue”.


Greetings

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

Robin Groppe

But this would mean that the Gameserver needs to communicate with the Webserver in any way. This is overcomplicating things in most Setups and may cause new Security issues on the Webserver side.
How much Traffic do you have?


Am 09.08.2016 08:51 schrieb "Niklas Grebe" <[hidden email]>:
Besides the already mentioned methods of cycling the download urls or these fake url plugin I would prefer to create a session bound to the clients IP on the fly while the server is doing the connection handshake. This would be a proper way of handling this “issue”.


Greetings

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: block sv_downloadurl for client side

Niklas Grebe

On 09.08.2016 KW 32, at 09:09, Robin Groppe <[hidden email]> wrote:

But this would mean that the Gameserver needs to communicate with the Webserver in any way. This is overcomplicating things in most Setups and may cause new Security issues on the Webserver side.

It's a trade-off you have to choose - as for every security mechanism you want. The OP stated that he wants to reduce it’s traffic with the argument some are “stealing” his traffic. I would just use a CDN and don’t care anymore but it’s a cost factor and you have to choose. He chose to tackle the problem by investigation the traffic and wants to cut off the not allowed connections. Which leads to some session handling in my opinion.

How much Traffic do you have?

I don’t have any traffic because I don’t host any servers at the moment but I develop and maintain a decent amount of other HA web services with an high amount of traffic (millions of requests per day).

_______________________________________________
Csgo_servers mailing list
[hidden email]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers

signature.asc (465 bytes) Download Attachment
Loading...