Greenguy's Board - FLV Hotlinking Protection & File Management Help

Greenguy's Board (http://www.greenguysboard.com/board/index.php)

- Programming & Scripting (http://www.greenguysboard.com/board/forumdisplay.php?f=15)

- - FLV Hotlinking Protection & File Management Help (http://www.greenguysboard.com/board/showthread.php?t=56076)

A.J. Angel

2010-01-17 11:07 AM

FLV Hotlinking Protection & File Management Help

Hey everyone,

I would like to ask for help on two things, especially to those who own tube sites and those who have video galleries.

The first one being if you guys know of a simple and effective way to protect myself from leechers hotlinking my FLV files to avoid bandwidth issues. Please note that I'm not a geek so I'm looking something easy to understand and implement.

The second being, if there is a recommended way to sort the FLV files. I have seen some sites having their FLV in the same directory as their gallery or on a dedicated directory or subdomain for FLV files.

For the moment I only have around 150 videos with around 20-25 being more than 10Mb. Most of them are trailers but there are quite a few that are samples taken from FHG. Among them, about 50-75 are hosted FLV files offered by sponsors.

I would highly appreciate any pointers and directions on what to do and how to do. :)

Cleo	2010-01-17 03:22 PM

FLV files can be easily protected using htaccess.

Code:

RewriteCond %{HTTP_REFERER} !^$ [NC]

RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)?YOURDOMAIN\.com([0-9]+)?(/.*)?$ [NC]

RewriteRule .*\.(flv|css|asf|mpg|mpeg|wmv|avi|rm|gif|jpeg|jpg|zip|png|swf|mp4|m4v)$ - [NC,F,L]

A.J. Angel

2010-01-18 02:22 AM

Quote:

Originally Posted by Cleo (Post 474094)

FLV files can be easily protected using htaccess.

Code:

RewriteCond %{HTTP_REFERER} !^$ [NC]

RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)?YOURDOMAIN\.com([0-9]+)?(/.*)?$ [NC]

RewriteRule .*\.(flv|css|asf|mpg|mpeg|wmv|avi|rm|gif|jpeg|jpg|zip|png|swf|mp4|m4v)$ - [NC,F,L]

That's what I have in my .htaccess. It works in all browsers except Firefox and Safari. I don't mind about Safari because the number of users are low, but Firefox... :-/

Cleo	2010-01-18 07:18 AM

Can you post an example?

A.J. Angel

2010-01-18 11:29 AM

Quote:

Originally Posted by Cleo (Post 474124)

Can you post an example?

Sure. Here below, I have put up a video on a page located on pimpinangelz.com. If you look at the source code, you will notice that the video is on exquisiteangelz.com. If you try to play the video in any browser other than Firefox or Safari, it won't play. You get a 404 or access denied.

http://www.pimpinangelz.com/test.html

Here is the code I have in my .htaccess file:

Code:

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?exquisiteangelz.com [NC]

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bbs.exquisiteangelz.com [NC]

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?images.exquisiteangelz.com [NC]

RewriteRule \.(jpg|png|gif|flv)$ - [NC,F,L]

Cleo	2010-01-18 11:40 AM

1 Attachment(s)

Quote:

Originally Posted by A.J. Angel (Post 474154)

I just tried to play it in Safari and it didn't play. Are you sure you aren't loading from cache on your machine?

http://www.greenguysboard.com/board/...1&d=1263832757

cd34	2010-01-18 12:25 PM

First issue, your embedding is wrong for IE. IE doesn't support embedding the same way that Firefox/Safari does. The video does play for me in Firefox, but does not play in Safari or Chrome. Since Safari/Chrome are based on webkit, I would suspect something is wrong with the embedding code. I don't have IE to test, but, I am 95% sure that you need the

A.J. Angel

2010-01-18 02:41 PM

Ok, I have just updated the player.swf and the swfobject.js file to the latest. I have also updated the embeddable code for the video.

I have done testing on my side and the hotlink protection is working under IE, Chrome and Opera. It doesn't work under Firefox or Safari as I was able to play them.

Quote:

Originally Posted by Cleo (Post 474155)

I just tried to play it in Safari and it didn't play. Are you sure you aren't loading from cache on your machine?

I cleared the cache and it is still the same for me.

Quote:

Originally Posted by cd34 (Post 474158)

So, with that fixed, then it is on to protecting your content. Since the url is in the open, someone could do a view source and download the content directly. What you would need to do is write a short plugin to protect the url by encoding it in some manner, and allow the player to decode that to find the original URL. You'll stop the honest porn surfers from finding the source, but, anyone running livehttpheaders or any similar plugin will be able to see the source url as the browser must ultimately pull that content.

the .htaccess protection would work if you were providing a direct link to the content, but, someone could just cut and paste the url.

Do you mean a plug-in for the player or a plug-in for Firefox and Safari? I also suppose the number of surfers using livehttpheaders are low?

On the actual site, the path to the video is a relative path and not a URL.

Quote:

Originally Posted by cd34 (Post 474158)

On the server side, you could switch to lighttpd which does handle FLV streaming, and use something like:

http://redmine.lighttpd.net/projects...BeforeDownload

which is a different method of protecting the content. You would set up the one directory as the trigger, and any request to access the protected content would be denied unless the trigger had been set. Of course, if they have viewed the site and set the trigger, they could easily view the source and download the content.

Unfortunately, I cannot use lighttpd so we must rule that option. On another hand, I also prefer using a method that I can understand and implement myself instead of relying on my webhost.

Cleo	2010-01-18 02:49 PM

1 Attachment(s)

Quote:

Originally Posted by A.J. Angel (Post 474163)

I cleared the cache and it is still the same for me.

Are you using Safari on a Mac or PC? Not sure if it makes a difference but I'm on a Mac and the movie does not play.

I just tried it again after refreshing the page to be sure I had the latest.

I tried it just now in Mac Firefox and then movie does play so it seems that your hot linking doesn't work in Firefox but you already knew that.

http://www.greenguysboard.com/board/...1&d=1263844123

A.J. Angel

2010-01-18 04:19 PM

Quote:

Originally Posted by Cleo (Post 474166)

I am using Safari on a PC. I don't have a Mac. Hmm... it could be possible that it is a Safari/PC thing if the hotlink protection works for Safari/Mac.

Yes. I have tried Firefox and the hotlink protection doesn't work. As I understand, either Firefox doesn't pass a referrer either the flash player doesn't pass a referrer in Firefox.

Cleo	2010-01-18 05:32 PM

Quote:

Originally Posted by A.J. Angel (Post 474173)

As I understand, either Firefox doesn't pass a referrer either the flash player doesn't pass a referrer in Firefox.

Sounds like the same issue that WMV files have which is why I don't use them.

I don't know if you are making your own FLVs or someone else is providing them but if you are making them you could do what I do and make them mp4 files instead of FLV and embed the mp4 in your Flash player. Like I did in this test page.

A.J. Angel

2010-01-18 05:48 PM

Quote:

Originally Posted by Cleo (Post 474183)

I actually tackled that idea. I tried to convert the trailer.flv into trailer.mp4 but although the conversion went without issues in Flash CS4, I could get to play it with Media Player Classic from K-Lite. I had converted it into NTSC High Quality or something like that. I shall have to give it a try again but more in-depth this time.

Cleo	2010-01-18 06:04 PM

Another benefit of using mp4 is you can make the same file available for iPods, iPhones, etc. if you want to. Like on this tour page.
(I have multiple optimized files available for download on that page but the only one that is really needed is the one labeled QuickTime as that will also play on iPods and iPhones. The QuickTime one is the same mp4 that is embedded into the Flash player.)

cd34	2010-01-19 12:11 AM

Do you have access to the raw logs provided by apache?

If so, if those pages are not that active, maybe post the logs for anything referring to that .flv and the page and we might be able to figure out why it might not be working.

First test would be to disable the rules to see if it does work in all of the browsers, ensuring that the encoding is indeed correct. Once you've done that, reinstate the rules, see what breaks. Then, post the raw logs of the failed requests and perhaps we can see a pattern.

A.J. Angel

2010-01-19 04:56 AM

Quote:

Originally Posted by cd34 (Post 474200)

No, I'm sorry but I don't have access to the raw logs provided by Apache.

A.J. Angel

2010-01-19 06:10 AM

I did some further searching and I found this code posted on Digital Point. What are your opinions?

Code:


$filename="/path/to/your/file.flv";

$yourdomain = "yourdomain.com";

if (stristr($yourdomain, $_SERVER["HTTP_REFERER"]) || $_SERVER["HTTP_REFERER"]=="")

{

header("Content-type: video/flv");

echo file_get_contents($filename);

}

else

die ("You are not allowed to access this file");

?>

Unfortunately, I'm not sure how to get it to work although I understand what he means. :-/

http://forums.digitalpoint.com/showp...58&postcount=5

brettsimpson

2010-02-14 09:55 PM

Good tip

Quote:

Originally Posted by Cleo (Post 474094)

FLV files can be easily protected using htaccess.

Code:

RewriteCond %{HTTP_REFERER} !^$ [NC]

RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)?YOURDOMAIN\.com([0-9]+)?(/.*)?$ [NC]

RewriteRule .*\.(flv|css|asf|mpg|mpeg|wmv|avi|rm|gif|jpeg|jpg|zip|png|swf|mp4|m4v)$ - [NC,F,L]

this was an excellent tip, Cleo... didn't know about this one before you pointed it out

All times are GMT -4. The time now is 08:20 AM.