View Full Version : HTACCESS for vid files

06-10-2010, 09:40 PM
Ok what I want to do is this. I would like to be able to block all outside access to video files I have on my site in certain dirs. In other words if a player on another domain tries to play them or someone using a direct link tries to download, they get error. But if the flash player on my domain that links to them accesses them, then it plays on my page only? Is there a way to get htaccess to do this, or another way?

06-11-2010, 01:52 AM
Nothing unusual about this: just use a normal "no hotlinking" method. Htaccess will be fine.
If you want it to apply only to videos, you may need to add an extension or list of extensions in the code.

Note that this is not foolproof: the referrer (site from which the request came) may be faked (it's just info sent from the user's browser to your server-- if someone knows how, they can modify it), and in some cases it won't be sent at all.
They can also get around this problem by cutting and pasting the URL.

But it will probably stop at least 95% of embedded videos on other sites, and most direct linking.

06-11-2010, 12:41 PM
Ok that's what I thought. Though I had some problems testing it on my local xampp install, nothing would work for some reason, just kept getting errors. Will try on my linux server.

Is there any way to stop it from someone downloading it using the cut and paste url method? I don't want them to be downloaded either.

06-11-2010, 06:44 PM
No. The "Referrer" is the only way to tell where they came from. I suppose you could block anyone (for 24 hours?, by IP) who has attempted to "hot link", but that seems harsh and will block visitors who figure out to view it from your site.

You could THEORETICALLY block "empty" referrers, in the sense that only people who are using links from your site would be able to download it. But this is a bad idea for two reasons:
1. Some browsers just don't use a referrer. It's fine to block people if they DO have something 'bad', but to require it from something 'good' will block some people permanently even if they do some from your site.
2. Some situations simply don't have referrers: there's no difference between right click, "copy link location" and pasting that in a new window and doing the same thing from an external site. What about a download manager?

You could of course not upload the files at all, or make them only available to people who are logged in, or just put them in a password protected area.

Now if you are attempting to block downloads entirely, that's a slightly different situation, but it's basically impossible. The best you'll be able to do is make the link hard to find (if it's embedded in flash, for example, it's not immediately available), but anyone motivated enough can get around any methods you have to try to "block" downloading.
The web works like this anyway: the content is requested by the user and your server sends it to them-- that is, they always download it, or they never view it.
By 'downloading' you mean "saving", so you want to find a way to stop people from saving the video, and because it's already on their computer (as a temporary file at least), it's all but impossible to do this.
However, videos are the most complex in this sense (unlike images or source code, for example), so there are some ways to make it annoyingly complex to figure out how to download it, but they're not easy to setup either.
The only way that offers any real guarantee of stopping lots of users is to having a streaming video rather than a video file: you'll need some sort of media server for this, such as a flash media server (which costs about $4,000), or perhaps an open source version (look into Red5). There are other formats out there, and you can get a quicktime media server, windows media server, etc.

06-12-2010, 01:34 PM
I never even thought about a media server, hmm. I don't know for sure but my VPS might actually have one already installed. As far as the rest goes yes I do understand, and the people viewing it anyways are going to be registered users who pay a subscription fee to get in to view the vids.

But I wanted a little extra there. The only other option I can think of is using a PHP file to stream it to the JW player, which according to their site is possible, I will just have to mess with it. And store vid names in the DB ultimatemly. I will play around with it then, but that media server is a good idea I hadn't thought of.

Thanks for the help.