2

I have written a little PHP script, which limits the speed when downloading a file and which supports download resuming feature.

But the speed limit can be overrided by using download managers, which create for example 10 download sections and therefore download 10 other parts of the file at same time and reach by this method a 10 times faster speed.

I would like to know, how can i find out, that a specified user is already running a download and which HTTP status Code i need to send out in order to make Download Managers know, that they are not allowed to download other parts of the file at same time, but that download resuming feature is allowed?

EDIT: Maybe it wasn precise enough... I need actually the best HTTP status code to let downloadmanagers know, that multiple filestreams (or sections) of the same file are not allowed, but just only one.

tshepang
  • 12,111
  • 21
  • 91
  • 136
salim_aliya
  • 253
  • 2
  • 3
  • 14
  • if you don't want to allow parallel downloads, once you've figured out detection, you'd send a 403/forbidden for the extra download sessions. That or you protect the file with a single-use token, which instantly eliminates the multi-download problem. – Marc B May 15 '14 at 14:56

1 Answers1

2

You could restrict the download to one connection per IP, then send a 429 Too Many Requests HTTP code (or just 403 Forbidden) to subsequent requests.

laurent
  • 88,262
  • 77
  • 290
  • 428
  • OK, so i tried both HTTP status codes and Freedownloadmanager is writing to the log in case of code 429 as "Unknown network error" and in case of code 403 that Username or password is invalid. Are there any other possible options? Or is it just a fail-implementation by the Downloadmanager itself? – salim_aliya May 15 '14 at 15:10
  • 2
    @salim_aliya, yes it's indeed a problem with FDM. 429 is not an "unknown error" and 403 means "The server understood the request, but is refusing to fulfill it. Authorization will not help." (https://tools.ietf.org/html/rfc2616#section-10.4.4). I think they are confusing 403 with 401 (where providing a valid username and password would indeed work). – laurent May 15 '14 at 15:51