Lighttpd

1. This kind of IP-based filtering utterly fails when the end-user is behind a proxy, severely limiting its usefulness
2. If it were to be used, the time-based authentication would be redundant, as the goal (preventing other people from using the same link) would already be fulfilled.

So, if you still choose to add this feature, an extra option, secdownload.use-time (which defaults to 1 or true) has been added so that if IP filtering is enabled

• Compatible up to r2717
• Uses standard boolean configuration options ("enable" and "disable" for use-time, use-ip-addr)

patch updated for 1.4.30

somebody offered this as a job on freelancer.com and there was a bid for $200
I decided to do it for less than that...
After reading the terms on the site, I decided that rather than underbid, I would just do it for free.
freelancer.com wanted to take a 10% cut and charges to be able to even bid on project... FUCK that

update for free software shall be free as well

I don't even use this but I did it because I can (and using a BugMeNot login to donate it without the hassle of registering yet another bug tracker account)

Thank you, anonymous (eryretqwewrqr) for the (at that time) updated patch. FYI: the reason for requiring registration is to cut down on search engine optimization spam posts, and we're sorry for the inconvenience.

About the patch: as noted, including IP address will break requests coming through proxies.

Separately, removing time from the link is not recommended since lots of people could proxy through the same IP, not just the original requestor.

Given these limitations, the patch has limited utility on the general internet. However, if there is still interest in this patch, please post an update here. I am willing to be convinced about optionally adding IP to the hash as long as it is not enabled by default.

mod_secdownload is no longer part of lighttpd base distribution
For replacement, see mod_magnet and lua mod_secdownload