Prevent using PC browser to access WAP Push URL

Prevent using PC browser to access WAP Push URL SearchSearch

SMS & MMS Technical Forum » NowSMS Support - SMS Issues (Product Support Only) » Archive through July 14, 2004 » Prevent using PC browser to access WAP Push URL « Previous || Next »
Author Message
Anonymous
 
Posted on Monday, May 31, 2004 - 01:48 pm:   

Anyone got a clue how to prevent user to download or access the WAP PUSH URL content via PC browser but mobile phone only?
Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 2716
Registered: 10-2002
Posted on Monday, June 07, 2004 - 06:22 pm:   

Assuming that the URL points to a script (rather than directly to content), you could parse the "User-Agent:" string, to try to determine if it is a phone or browser.

You could also restrict the IP addresses from which you receive connections, so that you only accept connections from IP addresses that you know to be that of the mobile operators for which you are providing service (this requires a lot of trial and error).

Another solution that can help is using dynamically generated links which you can expire after access. NowSMS supports this in its "Multimedia WAP Push" function with the following MMSC.INI setting:

MMS/Multimedia WAP Push: Add configuration parameter to delete dynamically generated links (such as those used when sending MMS or Multimedia WAP Push) after they are accessed. To enable this feature, edit MMSC.INI, and under the [MMSC] section header, add ExpireDynamicLinks=##, where ## is the number of minutes after the link is first accessed before it should be automatically deleted.

Anonymous
 
Posted on Tuesday, June 08, 2004 - 08:02 am:   

the URL points to is from nowsms dynamic link. The idea is to prevent user to download the original contents and resell. We test it using IE to access the dynamic link and we can save the wallpaper/java games/etc to PC which is not good.

How do we add "User-Agent" to nowsms created dynamic link URL script and what is the script file called? This might not be a long term solution sbut it helps as there is some freeware outthere where user can fake the User-Agent.

Expire after access wont help much as the first download can be from IE or PC browser!
Lars Nielsen, MobileNation ApS - Denmark
New member
Username: Larsmservice

Post Number: 47
Registered: 10-2003
Posted on Tuesday, June 08, 2004 - 08:25 am:   

The only safe solution for you is to find your operators IP's and only allow acess to these.
UserAgent wont work that's for sure. That is too easy to fake.
Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 2734
Registered: 10-2002
Posted on Tuesday, June 08, 2004 - 05:18 pm:   

We don't have a user-agent filter in NowSMS, I was just theorising that as a possibility.

We also don't have IP address restrictions (although they could quite easily be added).

After some more thought, I'm skeptical about the "User-Agent" idea. Not only is it easy to fake (although keep in mind that even if you restrict to the operator's IP, a user with a GPRS card could come in over that same IP) ... but it's also quite difficult to build a complete list of what user agents should be allowed, and which should be disallowed. About all that could be done would be to put the standard IE and Netscape (and maybe Opera) User-Agent strings on a disallow list.

The IP restrictions is a better approach. If you don't have an easy way to do this in your firewall, I think we could get a setting added in to NowSMS within a few days.

-bn
Anonymous
 
Posted on Wednesday, June 09, 2004 - 05:12 pm:   

Correct me if i am wrong, is it not the nowsms IP restriction setting helps to solve the issue as users are accessing its built in web server when trying to retrieve contents?
Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 2782
Registered: 10-2002
Posted on Thursday, June 10, 2004 - 02:13 pm:   

Right, this setting would be for the dynamic links generated when sending "Multimedia WAP Push".

This feature hasn't been implemented yet, but I have added it to the fast track list for getting added in the very near future.

-bn

Login Login / Register Logout Logout Search Last 30 Days Topics Topics