Videos and XML protection

Fix it!!

Videos and XML protection

Postby indyp » Sat May 02, 2009 11:33 am

Hi,

I am very new to htaccess and the rules.

I need to stop people stealing video files (FLV, WMV) of my server, which are owned by copyright content owners. I have come across them on youtube :(

Plus, I want to stop them accessing XML playlist files (so to stop them being able to find the location of video files on the server).

People have used the full URL to download the videos i.e.

http://www.mysite.com/videos/intersport.flv

They then get the option to save or play the file from their browser. I want to stop this from happening.

Please tell me how I can stop them using htacess. There is a root htaccess file which works with the site's software. However, I can put a file in the videos folder but what does it need to contain???

Any help will be highly appreciated.
indyp
 
Posts: 2
Joined: Sat May 02, 2009 11:23 am

Postby indyp » Sat May 02, 2009 4:10 pm

Since the first post. I have tried the following. The .htaccess file was placed in the 'videos' folder.

Code: Select all
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.com [nc]
rewriterule .*\.(flv|mpg|wmv)$ - [F,nc]
<Files .htaccess>
order allow,deny
deny from all
</Files>


Now the hotlinking seems to have stopped but I cannot play any of the videos ... Which is worse ... :(

Are there any issues with relative path versus absolute?
indyp
 
Posts: 2
Joined: Sat May 02, 2009 11:23 am

Postby richardk » Sun May 03, 2009 9:27 am

It can't be done. If the file gets sent to the browser the user can access it.

The closest you can get is hotlink protection but it is very unreliable, the Referer header can be faked, removed or empty. It is unlikely to work with media players/plugins because they usually don't send a Referer header so it will show up as empty (this is likely the cause of your problem). If you allow empty Referers then you allow direct access (typing the address in the address bar).
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 1 guest

cron