Disable direct access to file, but still allow it to be embedded - php

I'm currently making a website with videos on it, however, I want to avoid as much as possible people being able to download them (I know that this is not 100% achievable, but there are ways to make it harder).
Here's my filesystem:
- main folder/
  - watch.php
  - videos/
    - .htaccess
    - example video.mp4
    - streamer.php
And here's my code.
Watch.php:
<video src="videos/streamer.php"></video>
streamer.php:
<?php
$stream = new VideoStream("example video.mp4");
$stream->start();
?>
.htaccess:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?([^/]+)/.*$ [NC]
RewriteCond %2#%{HTTP_HOST} !^(.+)#(www\.)?\1$ [NC]
RewriteRule \.(php|mp4)$ - [F,L,NC]
Additional: The server is running locally, and as such does not have a domain name.
The video streams fine from watch.php but if you open the video source (streamer.php) you will be allowed onto the page, where you can then download the content.
What I want to happen is for the video to stream fine to watch.php but if you open streamer.php you are blocked from seeing the content.
Can anyone help me with this? I've tried just about every solution I've looked up and I can't manage to get any to work. Thanks
[EDIT]: Most preferably, this would be done in the .htaccess file so that I can also block people from entering example video.mp4

Related

Prevent direct access to a certain folder/resource without affecting the application flow

I'm currently maintaining a website. Our site has resources which are .pdf files and .docx files. Those resources are meant for the internal staff. But recently I found that by searching on Google, our resources can be accessed from Google.
There's a solution of adding a no-index meta tag to the HTML so that the resources cannot be indexed by Google, but I want another layer of protection. I found a solution but I forget where I got it from. And I have code like this:
RewriteCond %{REQUEST_FILENAME} ^.*(pdf|doc|docx)$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?eoffice-bkad\.kotabogor\.go\.id/ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?view\.officeapps\.live\.com/ [NC]
RewriteRule . - [R=403,L]
That code works, and it returns a 403 page when accessed if the HTTP referrer is not from the first URL.
But that code also causes another problem: it also blocks the <iframe> tag inside the HTML.
I'm using Microsoft Office Live preview so that the user can preview the file that they uploaded.
How can I solve this?
Any solutions would gladly be welcomed.
Thank you.

How to prevent direct access to files but allow files in webpages

I'm trying to use mod_rewrite to deny direct access to files on my web server, e.g. http://domain.tld/reports/imareport.pdf or http://domain.tld/img/img1.png, and I've used the answer on this question:
(htaccess) How to prevent a file from DIRECT URL ACCESS?
That page suggests using mod_rewrite like this:
RewriteEngine on
RewriteRule \.(png|pdf|htm)$ - [F]
Using mod_rewrite in this manner works fine for denying access to PDFs, but other files that are ordinarily included in a page such as images and CSS are not only blocked from direct access, but also blocked when used on a webpage in a normal <img> tag or whatever. This is contrary to the question and answer mentioned above.
So... my question is... is there a way to block direct access to files but still allow them in webpages?
Thanks Mark Phillips, I didn't fully appreciate what these two rewrite conditions were doing for me:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
So I had managed to mess them up. Things worked as needed when I used the code just as it was.

Prohibit direct access to images URL

I have a blog with images. I do not want the images to be directly accessible through the URL (and also not for Googlebot and other bots)... for example... mysite.com/assets/images/img1... etc. So I thought to password protect the images directory with .htaccess. That worked, only on the front end all my images became links, and I had to provide my credentials to make them show. How can I make my images show yet NOT make them directly accessible when typing the corresponding URL, and the image URLs (or better yet the images directory) NOT accessible for bots to crawl/index?
Don't go with password protection. The right way to do it would be to filter the requests based on the referer URL. If the request originates from your own site then it's ok. Otherwise the request is trying to get an image directly.
I've found this site with detailed instructions on how to do that: http://altlab.com/htaccess_tutorial.html
Taken from the mentioned site:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://url_to_default_image.gif [L]
Note that you would have to enable mod_rewrite in your Apache server.
Btw, just asking. Why not just let people get the image directly if they want to?

Prevent direct PDF file access from URL

Redirected from here, I need to prevent access of PDF (or any other) file types, when someone access it using direct URL.
The Problem
Say you had a PDF file that you’d like visitors on your own site to download.
However, if someone were to copy this link and call it from a browser window directly, or if they were to post the link to your PDF on another website, then the document shall not be accessible. By default it is.
I am successful in hiding the pdf file path in address bar and the url formed is http://localhost/myproject/web/viewer.php?id=11&name=sample.pdf, but in console one can see the complete path like http://localhost/myproject/document/11/sample.pdf.
This code redirects successfully on second time page reload, but not when I select Open in new tab from console.
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(pdf) [NC]
RewriteRule .*\.(pdf)$ http://google.com/ [NC]
Used below code in .htaccess to prevent access
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(pdf)$ - [F]
Somehow it does not work accurately. It shows file forbidden message only if I hit CTRL+SHIFT+R key otherwise using the file URL I can still access it.
I want to prevent the pdf file showing as http://localhost/myproject/document/11/sample.pdf directly in the url bar
If you have access to a database, maybe you could store the file/s in a blob field. This way you can easily write code to protect the file how you like.
You can store the PDF files outside the webroot folder and return their content using PHP. For example, for the user the URL will be like:
http://localhost/myproject/document.php?hash=some_hash
and in the file document.php you get the document hash from the $_GET parameter and use the file_get_contents function. Also, in this case you can allow access only once.
I hope it will help
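The approach suggested above (files outside the web root, handed out by a PHP script), which also applies to the streamer.php question at the top of the page, sketched as an added example that is not code from any of the posters. It swaps the stored hash for an HMAC-signed, expiring link; the storage path, the DOC_LINK_KEY environment variable, the id/exp/sig parameter names and the helper functions are all assumptions.

```php
<?php
// document.php (added example): serves files kept outside the web root, and
// only for a link carrying a valid, unexpired HMAC signature.
// Assumed names, not from the page: STORAGE_DIR, DOC_LINK_KEY, id/exp/sig.
declare(strict_types=1);

const STORAGE_DIR = '/var/app-data/documents'; // hypothetical, outside the web root

function signing_key(): string {
    $key = getenv('DOC_LINK_KEY');             // secret from the environment
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('DOC_LINK_KEY is missing or too short');
    }
    return $key;
}

// The embedding page (viewer.php, watch.php) calls this to build the src/href.
// In a real project it would sit in a shared include, not in the served script.
function make_link(string $name, int $ttl = 300): string {
    $exp = time() + $ttl;
    $sig = hash_hmac('sha256', $name . "\n" . $exp, signing_key());
    return 'document.php?' . http_build_query(['id' => $name, 'exp' => $exp, 'sig' => $sig]);
}

function link_is_valid(string $name, int $exp, string $sig): bool {
    $expected = hash_hmac('sha256', $name . "\n" . $exp, signing_key());
    return $exp >= time() && hash_equals($expected, $sig); // constant-time compare
}

// filter_input() yields false/null for missing or array-valued parameters.
$name = (string) filter_input(INPUT_GET, 'id');
$exp  = (int) filter_input(INPUT_GET, 'exp', FILTER_VALIDATE_INT);
$sig  = (string) filter_input(INPUT_GET, 'sig');

if ($name === '' || !link_is_valid($name, $exp, $sig)) {
    http_response_code(403);
    exit('Forbidden');
}
// basename() drops any directory part, so "../" cannot escape STORAGE_DIR.
$path = STORAGE_DIR . '/' . basename($name);
if (!is_file($path)) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: application/pdf');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the signature covers both the file name and the expiry time, a copied link stops working after the TTL and cannot be edited to point at another file.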

Block certain site from accessing a certain file

I have a player.php file which calls the video player to play a certain video. How can I block certain sites from accessing this file and using it to embed videos on their site? In other words, what code can I use inside player.php to block certain sites from accessing this file only?
You can do this on three levels.
1) Web server
For instance, using .htaccess file if you're on an Apache server.
This could be done with a rewrite that pushes them to some dummy file or 404 or whatever you like. For example:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC]
RewriteRule .* - [F]
This is really the ideal way because it precludes the need to interpret PHP.
2) PHP
In your page, use the $_SERVER['HTTP_REFERER'] (which may not be set if there is no referrer) and search for the domain in question in the string.
This is second best, and may be your only option if you can't alter the Apache configuration.
3) Javascript
Doesn't really prevent access to anything, because the check happens client-side (they've downloaded player.php and the Javascript itself prior to running it). If they went directly to the video or whatever, it wouldn't stop them from getting the file. You would use the document.referrer and search for the domain as with the PHP example.
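The PHP-level check from option 2, as an added example rather than code from the answer. It compares the parsed Referer host instead of searching the whole string, so a domain such as notbadsite.com or a URL that merely contains badsite.com in its query string is not matched, and it handles the case where the header is not set. The constant and function names are assumptions.

```php
<?php
// Added example for the top of player.php. Requires PHP 8 (str_ends_with).
// Assumed names, not from the page: BLOCKED_HOSTS, referer_host, host_is_blocked.
declare(strict_types=1);

const BLOCKED_HOSTS = ['badsite.com']; // placeholder domain used in the answer above

// Returns the lower-cased host of the Referer, or null when absent or unparseable.
function referer_host(?string $referer): ?string {
    if ($referer === null || $referer === '') {
        return null;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) ? strtolower(rtrim($host, '.')) : null;
}

// True when $host is a blocked domain or a subdomain of one.
function host_is_blocked(?string $host, array $blocked): bool {
    if ($host === null) {
        return false; // no Referer sent: nothing to compare, so allow
    }
    foreach ($blocked as $domain) {
        if ($host === $domain || str_ends_with($host, '.' . $domain)) {
            return true;
        }
    }
    return false;
}

if (host_is_blocked(referer_host($_SERVER['HTTP_REFERER'] ?? null), BLOCKED_HOSTS)) {
    http_response_code(403);
    exit('Embedding from this site is not allowed.');
}
// ... the player output continues here ...
```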
If you are using Apache and have access to your .htaccess file, I suggest you use that instead. This page is an excellent resource.
You could try something like this, assuming player.php is in your web root:
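RewriteEngine On
# Apply only to requests for player.php (match the request path, not the Referer)
RewriteCond %{REQUEST_URI} ^/player\.php
# Let requests with an empty Referer through
RewriteCond %{HTTP_REFERER} !^$
# Act on any Referer that is not your own domain
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain\.com/ [NC]
RewriteRule .* http://your-domain.com/please-dont-steal.php [NC]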
You're better off dealing with this issue server side, so PHP is a good bet. You'll need to examine the HTTP referrer header to see whether you're being hotlinked.
There are lots of tricks you can do with Apache mod_rewrite and/or .htaccess.
