New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Prevent hotlinking of mp4
Hey Community,
I have another problem again ..
I want to prevent other people to hotlink to my mp4 files. My case is like this.
Domain1.tv is running on apache
video.Domain2.pw is running on nginx. And I want to prevent other people to link to my video files: video.Domain2.pw/category/video1.mp4
I tried some suff over google but it didn't work over .htaccess file (but it works good with pictures).
Comments
Use a script to handle the mp4 downloads, check the referrer string.
Not bullet proof but will deal with most
how can I do this, I am not a professional in this area, I must search for some tutorials, can be a more speicific, please?
I am streaming this mp4 files with a flashplayer on Domain1.tv
store the MP4s outside of a web accessible directory, then instead of
video.mp4have a script calledvideo.phpand access it like thisvideo.php?video=video.mp4Then your
video.phpscript should get the video name, make sure it's a genuine file (and not something other than a video file) and serve the file that way usingreadfile()And then in that file you can use sessions to make sure that user has already visited the site and done whatever they needed to do (log in, etc.), otherwise exit the script and don't provide the MP4 file.
Step 1: Install nginx, it's much better at handling static files anyway
Step 2: add these lines to the site config:
location ~* .(mp4)$ {valid_referers none server_names domain1.com www.domain2.com;
}
if ($invalid_referer) {
return 403;
}
Step 3: Fix my possible errors
Step 4: Be happy you don't have to deal with apache anymore
Or simply do something like this:
RewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://(www.)?domain1.com/.$ [NC]
RewriteRule ^..(mp4)$ - [F]
Found on: http://www.cyberciti.biz/faq/apache-mod_rewrite-hot-linking-images-leeching-howto/
I'm not very fond of serving files with scripts, it's rather slow with no real benefits in this case.
This PHP code might work:
You can use security headers to prevent your content from being displayed on any browser if it is hotlinked/clickjacked. So while the browser will download the image/video, it will refuse to display it.
For a single-domain, you could do this in your NGINX conf file (similar options exist for Apache)
Your case is a little more-complicated because of multiple domains. You could do
Allow-from *.domain1.pw, *.domain2.pwbut it is not supported by all browsers. You can try the newer CORS headers likeAccess-Control-Allow-Origin. Take a look at CORS and Frame Options . BTW, older IE browsers dont support CORS, and needX-Frame-Options.Ugh, almost there. That will be a great day.
Generate a unique token per request bound its IP address.
Guys that sounds so complicated, didint expect that
prono sitesimi kurmaya calisiyorsun emre
use this script - http://clip-bucket.com/
The best way for this is to do token based expirable web URLs....
Here is what you should do..
When domain1 is loaded it sends a request to generate a token...
And all the links of domain2 come with the token...the token expires after some time
...Also..you could add following restrictions
1.Counter limit(link expires after 3-5 authentic requests
2.HTTP refer method
3.IP location
@emre22
I am not sure if this would work...but here is my another idea...
Encrypt the content with DRM
And then play is using HTMl5 DRM decryption...
If they hot link... They get garbage
https://github.com/kaltura/nginx-secure-token-module