HTTP 404 Error when downloading books with Moon+ Reader

[MaObOriginal]

When I try to download books via my COPS instance, I get a 404 error with the Moon+ client. It works smoothly in the browser. Is that a configuration problem?

172.17.0.2 - maja [24/May/2018:11:22:52 +0200] "GET /feed.php HTTP/1.1" 200 3537 "-" "OPDS/Stanza iPhone/Aldiko/Moon+ Reader(Android)" 172.17.0.2 - maja [24/May/2018:11:22:56 +0200] "GET /feed.php?page=11 HTTP/1.1" 200 18119 "-" "OPDS/Stanza iPhone/Aldiko/Moon+ Reader(Android)" 172.17.0.2 - maja [24/May/2018:11:23:03 +0200] "GET /feed.php?page=12&id=8 HTTP/1.1" 200 13043 "-" "OPDS/Stanza iPhone/Aldiko/Moon+ Reader(Android)" 172.17.0.2 - maja [24/May/2018:11:23:17 +0200] "GET /fetch.php?data=108&type=pdf&id=93 HTTP/1.1" 404 5 "-" "OPDS/Stanza iPhone/Aldiko/Moon+ Reader(Android)" 172.17.0.2 - maja [24/May/2018:11:23:42 +0200] "GET /fetch.php?data=108&type=pdf&id=93 HTTP/1.1" 200 13143096 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36"

[horus68]

Check if your user agent definition is correct (see line from index.php

if (preg_match('/(MantanoReader|FBReader|Stanza|Marvin|Aldiko|Moon\+ Reader|Chunky|AlReader|EBookDroid|BookReader|CoolReader|PageTurner|books\.ebook\.pdf\.reader|com\.hiwapps\.ebookreader|OpenBook)/', $_SERVER['HTTP_USER_AGENT'])) { https://github.com/seblucas/cops/blob/bb97fd591a2faf2bccd9c9d5b0f18ebf9297fcb6/index.php#L14

[MaObOriginal]

I haven't changed anything like this and user agent says

OPDS/Stanza iPhone/Aldiko/Moon+ Reader(Android)

Is it correct that I am forwarded to feed.php although the download starts with fetch.php? Would that be wrong?

[MaObOriginal]

It's working when I deactivate:

$config ['cops_fetch_protect'] = '0';

However, from then on my fetch.php will not be protected from direct access.

• If you use a Sony eReader or Aldiko you can't download ebooks if your catalog
  • is password protected. A simple workaround is to leave fetch.php not protected (see .htaccess).
  • But In that case your COPS installation is not completely safe.
  • Setting this parameter to "1" ensure that nobody can access fetch.php before accessing
  • index.php or feed.php first.

[seblucas]

It means that Moon+ Reader does not store / reuse the session cookie generated by COPS. I thought that only Aldiko needed that workaround. Did you try with <FilesMatch "\.php$"> in your htaccess ?

I really don't what I can do to fix that if the OPDS client does not reuse the password (authentication) and also don't store the session cookie.

[seblucas]

You should not see the thumbnails either right ?

[MaObOriginal]

I don't have a .htaccess file. I'm using a nginx-proxy and there is only a .htpasswd file.

https://hub.docker.com/r/jwilder/nginx-proxy/ https://github.com/jwilder/nginx-proxy

I checked if I have direkt access to the fetch.php and that seems to be blocked. So the "cops_fetch_protect" workaround seems to work for me without loosing the security protection.

[MaObOriginal]

Some thumbnails I see and some I don't.

[seblucas]

If you're using a nginx-proxy then $config ['cops_fetch_protect'] should not be be needed. It should fix your problem while still forbidding direct access.

If you only see some thumbnails it usually mean that the OPDS reader keeps some sort of cache and at least once you disabled password protection.

[seblucas]

Does the thumb up means that this issue can be closed ?

[MaObOriginal]

Thanks for the cache hint.

For me the problem seems to be solved and the issue can be closed. Thanks!

[seblucas]

Thanks