I need an anti-hotlinking htaccess for WMVs

[Tommy]

I love wmv's, small file size, easy to make and they seem smoother but protecting them is a bitch

if someone came up with a script that would protect them for like 50 bucks I bet they would make a lot of money


I have some sort of issue where i cant view mpeg online
I have to download them to my harddrive and then they will play

[Opti]

Quote:

Originally posted by Tommy
I love wmv's, small file size, easy to make and they seem smoother but protecting them is a bitch

if someone came up with a script that would protect them for like 50 bucks I bet they would make a lot of money


I have some sort of issue where i cant view mpeg online
I have to download them to my harddrive and then they will play

I agree... and have to sort out a solution myself right now.

I thought what D-Man posted looked like it would work for my situation, in conjunction with a simple php script.

Quote:

you do an allow and deny

one is by IP

deny from all
allow from 123.456.789.001

The other way is (folder that links the pages that loads the files

deny from all
allow from /www/sites/yourdomain.com/content/

I'll be trying it in the next day or so... and will let you know how I go.

[tat2jr]

Quote:

Originally posted by Opti
I agree... and have to sort out a solution myself right now.

I thought what D-Man posted looked like it would work for my situation, in conjunction with a simple php script.

I'll be trying it in the next day or so... and will let you know how I go.

Cool! Keep us informed on how that worked for ya. I have some I'd like to protect too.

[stev0]

This is what I use and it works with my wmv files...

.htaccess file

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*yourdomain.com(:80)*/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*anyotherreferingdomain.com(:80)*/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+*)id=valid(;.*|$)
RewriteRule /* http://www.picz.ca/notice.html [R,L] )


Then here's the trick to get it working with wmv's or any file for that matter.

Put this in the head of the html file that your visitors will see (with the videos on it).

<SCRIPT LANGUAGE="javascript">
// Calculate the expiration date
var expires = new Date ();
expires.setTime(expires.getTime() + 24 * 60 * 60 * 1000);
document.cookie = "id=valid; path=/" + "; expires=" + expires.toGMTString();
</SCRIPT>


That javascript will make a cookie (which is one of the rewritecond's in the htaccess file). So even though the wmv file doesnt show a referal, the surfer that was at that page will have that cookie and therfore can download the wmv file.

[stev0]

haha, the board put a smiley into the middle of that code.... so if you copy and paste it just turn the smiley back into a "; )" (without the space between).

If anyone has any problems feel free to hit me up on ICQ 421-34-11

[Cleo]

Do you have an example of a page that uses this?

[JenC]

Quote:

Originally posted by Tommy
I love wmv's, small file size, easy to make and they seem smoother but protecting them is a bitch

if someone came up with a script that would protect them for like 50 bucks I bet they would make a lot of money


I have some sort of issue where i cant view mpeg online
I have to download them to my harddrive and then they will play

I prefer WMVs too as they look better and a smaller file size, however if I can't protect them fuck it. MPEGs are just fine.

I also have the same issue that I can't stream MPEGs. Some weird broken up looking player appears in my browser if I try to do that.

[JenC]

Update on my situation....I just did what Cleo suggested and I converted all my WMVs into MPEGs and they cannot be hotlinked now. I don't see the benefit of buying AHL just to keep them in the WMV format. It looks like a good script but since there are so many work arounds, it doesn't seem to be money well spent.

[stev0]

Quote:

Originally posted by Cleo
Do you have an example of a page that uses this?

Cleo, do you have an XXXSexTicket password for reviewing?

Here's an example... http://www.picz.ca/enter.html

when the user enters from that page they can access http://www.picz.ca/content/index.html
(which has that javascript code that makes the cookie).

Not the greatest example i know... i'll set up another one without the avs script for you guys to check out.

[stev0]

Here's a little example I put together...

http://fuk.ca/wmvprotection/

(just uploading the stuff now.. be patient )

[JenC]

It's just not working for me Stev0. Here is my htaccess:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*trailertrashvideos.com(:80)*/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*trailertrashvideos.com(:80)*/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+*)id=valid(;.*|$)
RewriteRule /* http://www.picz.ca/notice.html [R,L] )

And here is my javascript:
<SCRIPT LANGUAGE="javascript">
// Calculate the expiration date
var expires = new Date ();
expires.setTime(expires.getTime() + 24 * 60 * 60 * 1000);
document.cookie = "id=valid; path=/" + "; expires=" + expires.toGMTString();
</SCRIPT>

[JenC]

And yes I replaced the smiley

[Cleo]

Quote:

Originally posted by stev0
Here's a little example I put together...

http://fuk.ca/wmvprotection/

(just uploading the stuff now.. be patient )

Nope can't play the video. I'm on a Mac so maybe your script is Windows IE only.

[stev0]

Hey Cleo, try refreshing and try it again... i made a mistake in there, but it should be fixed now.

http://fuk.ca/wmvprotection/

[stev0]

Quote:

Originally posted by JenC
It's just not working for me Stev0. Here is my htaccess:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*trailertrashvideos.com(:80)*/ [NC]
RewriteCond %{HTTP_REFERER} !^http://([a-z0-9-]+\.)*trailertrashvideos.com(:80)*/ [NC]
RewriteCond %{HTTP_COOKIE} !(^|(.+*)id=valid(;.*|$)
RewriteRule /* http://www.picz.ca/notice.html [R,L] )

And here is my javascript:
<SCRIPT LANGUAGE="javascript">
// Calculate the expiration date
var expires = new Date ();
expires.setTime(expires.getTime() + 24 * 60 * 60 * 1000);
document.cookie = "id=valid; path=/" + "; expires=" + expires.toGMTString();
</SCRIPT>

Jen, is it not protecting your videos? or is it blocking all access?

If you're comming from your domain it should allow access because your domain is on the allow list in the htaccess.

[Cleo]

Quote:

Originally posted by stev0
Hey Cleo, try refreshing and try it again... i made a mistake in there, but it should be fixed now.

http://fuk.ca/wmvprotection/

Nope. WMP gets sent the html for a bad referral since WMP does not give any referral information.

[stev0]

Quote:

Originally posted by Cleo
Nope. WMP gets sent the html for a bad referral since WMP does not give any referral information.

Ah... it must be trying to open the notice.html file as video.wmv. It does that if i right click and choose to download the file as well, but it calls it video.wmv.htm and still opens the notice.html file as a webpage.

Does it download fine after you visit the content URL?

If so, the hotlink protection would still work, but non windows visitors wouldn't be sent back to your site.

[JenC]

Quote:

Originally posted by stev0
Jen, is it not protecting your videos? or is it blocking all access?

If you're comming from your domain it should allow access because your domain is on the allow list in the htaccess.

It's not protecting anything. I originally got an ISE and then I realized I needed to replace the smiley so I did and it didn't block a thing.

[stev0]

Quote:

Originally posted by JenC
It's not protecting anything. I originally got an ISE and then I realized I needed to replace the smiley so I did and it didn't block a thing.

Try copying the script off the example page I posted. It will work unless you already have to cookie, or you're trying to access the video from your own domain.

Try clearing your cookies to test it... if you already have the cookie (by loading the content page) it will stay there for 24 hours unless you delete it.

[JenC]

Quote:

Originally posted by stev0
Try copying the script off the example page I posted. It will work unless you already have to cookie, or you're trying to access the video from your own domain.

Try clearing your cookies to test it... if you already have the cookie (by loading the content page) it will stay there for 24 hours unless you delete it.

I did try it from the page because I know the PHP board can put in extra stuff. I dunno why I can't do it.

[stev0]

Quote:

Originally posted by JenC
I did try it from the page because I know the PHP board can put in extra stuff. I dunno why I can't do it.

If you clear your cookies and try my code it will work... hit me up on ICQ if you're having problems with yours and i'll see if I can help you fix it

ICQ 421-3411

Cleo said javascript is banned some places though... which could be a problem for freesites/mgp's, but for protecting members area's this works great.

[KCat]

A lot of people have cookies blocked these days, especially from porn sites. I don't think many TGP owners would list a gallery with that script either.

[Cleo]

It is too bad that MPEG-4 isn't widely accepted. It is another open standard, looks great, you can protect it with htaccess, has fast start streaming.

[AndyS]

Had the same problem a while back and got a script for a couple hundred dollars, It works great, really simple and can be put on as many sites as you have. Think it works by renaming the link and redirecting to it through the script, it does this say every hour so it can be hotlinked but only for that short time then its a dead link. I can did out the info if anyone is interested .

[JenC]

I finally got Stev0's script working. After I cleared cookies it worked just fine. I don't mind if it's not blocking Macintosh, that's a small % of the web overall. And no I'm not ragging on Mac, I own two of them myself......I'm bi-platformal.