I need an anti-hotlinking htaccess for WMVs
 

I currently am using htaccess to do anti-hotlinking of the pictures on my site and it works well, but I need a script that will not allow users to hotlink WMVs.

Here is the script I am using now:

And if I just add "wmv" to the list of "rewrite rule" it works, but it works TOO good. People who are just trying to click the movies from my page cannot play the movies, much less hotlink to them.

Anyone have any ideas how I can get people to be able to view the movies from my site but not hotlink to them directly? Thanks!

|pcsucks|

There are ways of doing it but not using htaccess. I've seen scripts that can be installed on your server. Personally I just switched to mpegs and all is good.

Oh so MPEGs can be added to htaccess?

Yes and it works just like with GIFs and JPGs.

Oh well then that solution is obvious. I wasn't aware of that. I don't need WMVs.

Thanks Cleo, you just saved me $200 on a script. |smooch|

What version of Apache are you on?

You could have altered the Rule to read
RewriteRule [^/]+.(jpg|jpeg|gif|png|bmp|wmv)$ - [F]

That may have worked.

Nope, it didn't like that.

That doesnt work as no REFERER is sent when WMVs are played

DD

you do an allow and deny

one is by IP

deny from all
allow from 123.456.789.001

The other way is (folder that links the pages that loads the files

deny from all
allow from /www/sites/yourdomain.com/content/


google .htaccess and you should find one that works - I looked for one to cut and paste but I can't find the right one - I have done this before myself

Doesn't the same apply to .mpg and .avi files?

No it doesn't.

The browser plays mpegs so it sends referral info. You can play mpegs with no plugins installed at all with some browsers and they will still play. With WMV files another application plays them. Not really sure about AVI files but I seem to remember that they work the same way mpegs work.

WMV files work like crap on non Windows machines with lots of issues.

RealPlayer files have the same issues as WMV files.

I don't play the mepgs within my browser, which would mean that no referral info is sent?

If you have a link to a .mgp which is only protected with .htaccess please post a direct link here so I can test it, thanks.

I copy & pasted this link http://kinky-cleo.com/porn/movies/shower/movies/06.mpg directly in the browser, and it downloaded just fine.

As it should. I have bookmarking of movies allowed.

I'm stopping hotlinking not bookmarking a movie, but a simple change to my htaccess would also prevent this.

This line in my htacess allows bookmarking a movie or pic.
RewriteCond %{HTTP_REFERER} !^$

Try pasting the url of the movie into this page and you will see that it does not play.
http://altlab.com/hotlinking.html

And if you click the link you'll be able to download the movie, so your so called "hotlinking protection" isn't working.

EDIT: Link removed.

Correct, but the movie wouldnt play even if you allowed it. That script only works with pictures.

My htaccess is working the way I want it to.

You can click on it from this board and play the movie because the greenguysboard.com is in my htaccess file.

But just to prove my point I have changed my htaccess file for this one gallery and you can no longer bookmark a movie or play it from this board. Only kinky-cleo.com is now a good referral.

That is the beauty of htaccess in that you can control access without spending money on scripts or the hassle of scripts. Plus you can do it by directory as I have just shown.

You have turned into a spammer just trying to sell your script which I don't need or want.

It works with anything. All it does is hotlink media. If you don't believe me then go build yourself a page on your server and try to hotlink my movie.

I love Cleo's redirecting to "cleo-says-fuck-you" |haha

Nige, sorry to say so, but 250$ for AHL is money out of the window. There is an easy way to by-pass it |rasta|

I guess I was wrong, I didn't know you could use .htaccess to block .mpg's from being hotlinked.

I apologize.

And I am in no way affiliated with AHL. Just so you know.

Really, how?

You sure sound like you are an affiliate of that script. If you are not then I apologize for calling you a spammer.

If I were I would most likely have used a ref. link. And I removed the link.

I guess you owned me big time. |knockout|

I'm surprised that not more people are using .htaccess to block access to .mpg's, there's a lot of big affiliate programs that are having their movie files hotlinked.

Not gonna post something like that on a public board since not all viewers have "good" intentions.

I love wmv's, small file size, easy to make and they seem smoother but protecting them is a bitch

if someone came up with a script that would protect them for like 50 bucks I bet they would make a lot of money


I have some sort of issue where i cant view mpeg online
I have to download them to my harddrive and then they will play

I agree... and have to sort out a solution myself right now.

I thought what D-Man posted looked like it would work for my situation, in conjunction with a simple php script.

I'll be trying it in the next day or so... and will let you know how I go.

Cool! Keep us informed on how that worked for ya. I have some I'd like to protect too.

This is what I use and it works with my wmv files...

.htaccess file

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com(:80)*/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*anyotherreferingdomain.com(:80)*/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)id=valid(;.*|$)
RewriteRule /* http://www.picz.ca/notice.html [R,L] )


Then here's the trick to get it working with wmv's or any file for that matter.

Put this in the head of the html file that your visitors will see (with the videos on it).




That javascript will make a cookie (which is one of the rewritecond's in the htaccess file). So even though the wmv file doesnt show a referal, the surfer that was at that page will have that cookie and therfore can download the wmv file.

haha, the board put a smiley into the middle of that code.... so if you copy and paste it just turn the smiley back into a "; )" (without the space between).

If anyone has any problems feel free to hit me up on ICQ 421-34-11

Do you have an example of a page that uses this?

I prefer WMVs too as they look better and a smaller file size, however if I can't protect them fuck it. MPEGs are just fine.

I also have the same issue that I can't stream MPEGs. Some weird broken up looking player appears in my browser if I try to do that.

Update on my situation....I just did what Cleo suggested and I converted all my WMVs into MPEGs and they cannot be hotlinked now. I don't see the benefit of buying AHL just to keep them in the WMV format. It looks like a good script but since there are so many work arounds, it doesn't seem to be money well spent.

Cleo, do you have an XXXSexTicket password for reviewing?

Here's an example... http://www.picz.ca/enter.html

when the user enters from that page they can access http://www.picz.ca/content/index.html
(which has that javascript code that makes the cookie).

Not the greatest example i know... i'll set up another one without the avs script for you guys to check out.

Here's a little example I put together...

http://fuk.ca/wmvprotection/

(just uploading the stuff now.. be patient :) )

It's just not working for me Stev0. Here is my htaccess:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*trailertrashvideos.com(:80)*/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*trailertrashvideos.com(:80)*/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)id=valid(;.*|$)
RewriteRule /* http://www.picz.ca/notice.html [R,L] )

And here is my javascript:

And yes I replaced the smiley

Nope can't play the video. I'm on a Mac so maybe your script is Windows IE only.

Hey Cleo, try refreshing and try it again... i made a mistake in there, but it should be fixed now.

http://fuk.ca/wmvprotection/

Jen, is it not protecting your videos? or is it blocking all access?

If you're comming from your domain it should allow access because your domain is on the allow list in the htaccess.