Disallow direct access to files

[jammesz]

Hi, im trying to work out how to stop direct access to a certain folder and its files.

 

My purpose of this is to protect video files from being downloaded and i figured that the apache mod_rewrite

is used to do this. I have tryed searching this forum and the web for a solution only to find anti-hotlinking scripts in which i customized to disallow my own site from accessing them but then when i view the videos in my flash player the apache server (after I viewed the video) allows me to access it, whereas it disallows me to access videos that i havent viewed in the flash player.

Now to me that seems a bit stupid as it should follow the rules i give it no matter what.

 

Anyway, i am fully aware about how the cache downloads the videos and all the other protection issues

so dont mention that this whole thing is a waste of time because of them. Ive already fixed all thoughs issues except for this one.

I know this is possible as all you have to do is read the users url and make sure that they aren't in the video directory.

I have barely any experience with .htaccess files and when i search for a tutorial

it just comes up with how to password protect a directory with .htaccess and nothing else so ive come here for help.

 

Any ideas?

 

 

 

[MadTechie]

add a index.php file to the folder that holds the movies

create a video player in flash and the link to the files gets returned via a connection to a php file which check things like sessions (created during login)

 

So

when i say session i mean session interlinked database

 

Login create a session

Video is steamed via a php which will only work after checking session

Flash player picks up the video from the php file of course you can add protection here as well

 

as for HotLink protection you add that to the PHP script and also you have one in cPanel

 

i hope that helps

[jammesz]

You completely misunderstood the question. i want to prevent direct access to the movies so that if a person goes to http://mydomain.com/videos/mymovie.flv it will redirect them and wont download the movie.

 

Plus i've already got a script that does what you said above (different method though).

[MadTechie]

You completely misunderstood the question. i want to prevent direct access to the movies so that if a person goes to http://mydomain.com/videos/mymovie.flv it will redirect them and wont download the movie.

 

Plus i've already got a script that does what you said above (different method though).

 

Erm.. did you read/understand the sessions part ?

[jammesz]

You completely misunderstood the question. i want to prevent direct access to the movies so that if a person goes to http://mydomain.com/videos/mymovie.flv it will redirect them and wont download the movie.

 

Plus i've already got a script that does what you said above (different method though).

 

Erm.. did you read/understand the sessions part ?

 

 

umm... isnt it just a script that hides the actual link of the video files??

[MadTechie]

Not exacly

 

you can make this more complex but for a basic example this is one solution

 

user clicks on a link ie video.php?ID=12

this page creates a random number were say 1234

a session is stored with 1234

a record in the database is created with 4 fields VideoID = 12, Session = 1234, active = 1, IP = connections IP,

the Player Now starts to play the Movie from another script MoviePlayer.php

MoviePlayer.php uses the session to looks into the database and finds the VideoID checks the IP and that active = 1 now it sets the active to 0, and unsets the session and starts to readin the video file.

 

 

 

[jammesz]

So... ill repeat what i said before then - thats not what my question was asking

[MadTechie]

~Sighs~

 

ok

.htaccess

 Options +FollowSymlinks
# no hot-linking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?phpfreaks\.com/ [nc]
RewriteRule .*\.(avi|mpg|mpeg)$ http://phpfreaks.com/movies/dummy.avi [nc]

 

[jammesz]

~Sighs~

 

ok

.htaccess

 Options +FollowSymlinks
# no hot-linking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?phpfreaks\.com/ [nc]
RewriteRule .*\.(avi|mpg|mpeg)$ http://phpfreaks.com/movies/dummy.avi [nc]

 

Did you read all of my question? I explained that ive already tryed this and it did work until the flash player viewed the .flv file and then it didnt (i was able to access the flv file after viewing it in the flash player).

 

this is what i used:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} ^http://(www.)?jamix.com/joomla/videos(/)?.*$ [NC]
RewriteRule .*.(mpg|wmv|mov|rm|avi|flv|mpeg|swf|MPEG|WMV|AVI|MOV|RM|FLV)$ http://www.jamix.com/joomla/access_denied.php [R,NC]

its only a test htaccess script that disallowed direct access from my own site.

Dont bother going to www.jamix.com as its just my intranet domain, not a real domain.

 

Anyway this way doesnt work so dont bother going into it.

 

Think of it like this. All i want is basically a htaccess file that has 'deny from all' except for the flash player.

 

 

[jammesz]

I tryed the following in my .htaccess file and it worked but then the flash player doesn't play the video file:

RewriteEngine on
RewriteRule ^(.*)\.flv$ http://www.jamix.com/joomla/?option=com_video&vc=$1 [nc]

 

So this doesnt work but im hoping this might give someone an idea of how to solve my problem.