FLV Hotlinking Protection & File Management Help

[A.J. Angel]

Hey everyone,

I would like to ask for help on two things, especially to those who own tube sites and those who have video galleries.

The first one being if you guys know of a simple and effective way to protect myself from leechers hotlinking my FLV files to avoid bandwidth issues. Please note that I'm not a geek so I'm looking something easy to understand and implement.

The second being, if there is a recommended way to sort the FLV files. I have seen some sites having their FLV in the same directory as their gallery or on a dedicated directory or subdomain for FLV files.

For the moment I only have around 150 videos with around 20-25 being more than 10Mb. Most of them are trailers but there are quite a few that are samples taken from FHG. Among them, about 50-75 are hosted FLV files offered by sponsors.

I would highly appreciate any pointers and directions on what to do and how to do.

[Cleo]

FLV files can be easily protected using htaccess.

Code:

RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)?YOURDOMAIN\.com([0-9]+)?(/.*)?$ [NC]
RewriteRule .*\.(flv|css|asf|mpg|mpeg|wmv|avi|rm|gif|jpeg|jpg|zip|png|swf|mp4|m4v)$ - [NC,F,L]

[A.J. Angel]

Quote:

Originally Posted by Cleo

FLV files can be easily protected using htaccess.

Code:

RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)?YOURDOMAIN\.com([0-9]+)?(/.*)?$ [NC]
RewriteRule .*\.(flv|css|asf|mpg|mpeg|wmv|avi|rm|gif|jpeg|jpg|zip|png|swf|mp4|m4v)$ - [NC,F,L]

That's what I have in my .htaccess. It works in all browsers except Firefox and Safari. I don't mind about Safari because the number of users are low, but Firefox... :-/

[Cleo]

Can you post an example?

[A.J. Angel]

Quote:

Originally Posted by Cleo

Can you post an example?

Sure. Here below, I have put up a video on a page located on pimpinangelz.com. If you look at the source code, you will notice that the video is on exquisiteangelz.com. If you try to play the video in any browser other than Firefox or Safari, it won't play. You get a 404 or access denied.

http://www.pimpinangelz.com/test.html

Here is the code I have in my .htaccess file:

Code:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?exquisiteangelz.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bbs.exquisiteangelz.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?images.exquisiteangelz.com [NC]
RewriteRule \.(jpg|png|gif|flv)$ - [NC,F,L]

[Cleo]

Quote:

Originally Posted by A.J. Angel

Sure. Here below, I have put up a video on a page located on pimpinangelz.com. If you look at the source code, you will notice that the video is on exquisiteangelz.com. If you try to play the video in any browser other than Firefox or Safari, it won't play. You get a 404 or access denied.

http://www.pimpinangelz.com/test.html

I just tried to play it in Safari and it didn't play. Are you sure you aren't loading from cache on your machine?

[cd34]

First issue, your embedding is wrong for IE. IE doesn't support embedding the same way that Firefox/Safari does. The video does play for me in Firefox, but does not play in Safari or Chrome. Since Safari/Chrome are based on webkit, I would suspect something is wrong with the embedding code. I don't have IE to test, but, I am 95% sure that you need the <object> tags to embed flash for IE.

From their wizard: http://www.longtailvideo.com/support...r-setup-wizard

Code:

<script type='text/javascript' src='swfobject.js'></script>
 
<div id='mediaspace'>This text will be replaced</div>
 
<script type='text/javascript'>
  var so = new SWFObject('player.swf','mpl','470','320','9');
  so.addParam('allowfullscreen','true');
  so.addParam('allowscriptaccess','always');
  so.addParam('wmode','opaque');
  so.addVariable('file','http://www.exquisiteangelz.com/trailer.flv');
  so.write('mediaspace');
</script>

or, if you want to use the object/embed mode:

Code:

<object classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000' width='470' height='320' id='single1' name='single1'>
<param name='movie' value='player.swf'>
<param name='allowfullscreen' value='true'>
<param name='allowscriptaccess' value='always'>
<param name='wmode' value='transparent'>
<param name='flashvars' value='file=http://www.exquisiteangelz.com/trailer.flv'>
<embed
type='application/x-shockwave-flash'
id='single2'
name='single2'
src='player.swf'
width='470'
height='320'
bgcolor='undefined'
allowscriptaccess='always'
allowfullscreen='true'
wmode='transparent'
flashvars='file=http://www.exquisiteangelz.com/trailer.flv'
/>
</object>

Should allow it to work in all browsers. So, with that fixed, then it is on to protecting your content. Since the url is in the open, someone could do a view source and download the content directly. What you would need to do is write a short plugin to protect the url by encoding it in some manner, and allow the player to decode that to find the original URL. You'll stop the honest porn surfers from finding the source, but, anyone running livehttpheaders or any similar plugin will be able to see the source url as the browser must ultimately pull that content.

the .htaccess protection would work if you were providing a direct link to the content, but, someone could just cut and paste the url.

On the server side, you could switch to lighttpd which does handle FLV streaming, and use something like:

http://redmine.lighttpd.net/projects...BeforeDownload

which is a different method of protecting the content. You would set up the one directory as the trigger, and any request to access the protected content would be denied unless the trigger had been set. Of course, if they have viewed the site and set the trigger, they could easily view the source and download the content.

[A.J. Angel]

Ok, I have just updated the player.swf and the swfobject.js file to the latest. I have also updated the embeddable code for the video.

I have done testing on my side and the hotlink protection is working under IE, Chrome and Opera. It doesn't work under Firefox or Safari as I was able to play them.

Quote:

Originally Posted by Cleo

I just tried to play it in Safari and it didn't play. Are you sure you aren't loading from cache on your machine?

I cleared the cache and it is still the same for me.

Quote:

Originally Posted by cd34

So, with that fixed, then it is on to protecting your content. Since the url is in the open, someone could do a view source and download the content directly. What you would need to do is write a short plugin to protect the url by encoding it in some manner, and allow the player to decode that to find the original URL. You'll stop the honest porn surfers from finding the source, but, anyone running livehttpheaders or any similar plugin will be able to see the source url as the browser must ultimately pull that content.

the .htaccess protection would work if you were providing a direct link to the content, but, someone could just cut and paste the url.

Do you mean a plug-in for the player or a plug-in for Firefox and Safari? I also suppose the number of surfers using livehttpheaders are low?

On the actual site, the path to the video is a relative path and not a URL.

Quote:

Originally Posted by cd34

On the server side, you could switch to lighttpd which does handle FLV streaming, and use something like:

http://redmine.lighttpd.net/projects...BeforeDownload

which is a different method of protecting the content. You would set up the one directory as the trigger, and any request to access the protected content would be denied unless the trigger had been set. Of course, if they have viewed the site and set the trigger, they could easily view the source and download the content.

Unfortunately, I cannot use lighttpd so we must rule that option. On another hand, I also prefer using a method that I can understand and implement myself instead of relying on my webhost.

[Cleo]

Quote:

Originally Posted by A.J. Angel

I cleared the cache and it is still the same for me.

Are you using Safari on a Mac or PC? Not sure if it makes a difference but I'm on a Mac and the movie does not play.

I just tried it again after refreshing the page to be sure I had the latest.

I tried it just now in Mac Firefox and then movie does play so it seems that your hot linking doesn't work in Firefox but you already knew that.

[A.J. Angel]

Quote:

Originally Posted by Cleo

Are you using Safari on a Mac or PC? Not sure if it makes a difference but I'm on a Mac and the movie does not play.

I just tried it again after refreshing the page to be sure I had the latest.

I tried it just now in Mac Firefox and then movie does play so it seems that your hot linking doesn't work in Firefox but you already knew that.

I am using Safari on a PC. I don't have a Mac. Hmm... it could be possible that it is a Safari/PC thing if the hotlink protection works for Safari/Mac.

Yes. I have tried Firefox and the hotlink protection doesn't work. As I understand, either Firefox doesn't pass a referrer either the flash player doesn't pass a referrer in Firefox.

[Cleo]

Quote:

Originally Posted by A.J. Angel

As I understand, either Firefox doesn't pass a referrer either the flash player doesn't pass a referrer in Firefox.

Sounds like the same issue that WMV files have which is why I don't use them.

I don't know if you are making your own FLVs or someone else is providing them but if you are making them you could do what I do and make them mp4 files instead of FLV and embed the mp4 in your Flash player. Like I did in this test page.

[A.J. Angel]

Quote:

Originally Posted by Cleo

Sounds like the same issue that WMV files have which is why I don't use them.

I don't know if you are making your own FLVs or someone else is providing them but if you are making them you could do what I do and make them mp4 files instead of FLV and embed the mp4 in your Flash player. Like I did in this test page.

I actually tackled that idea. I tried to convert the trailer.flv into trailer.mp4 but although the conversion went without issues in Flash CS4, I could get to play it with Media Player Classic from K-Lite. I had converted it into NTSC High Quality or something like that. I shall have to give it a try again but more in-depth this time.

[Cleo]

Another benefit of using mp4 is you can make the same file available for iPods, iPhones, etc. if you want to. Like on this tour page.
(I have multiple optimized files available for download on that page but the only one that is really needed is the one labeled QuickTime as that will also play on iPods and iPhones. The QuickTime one is the same mp4 that is embedded into the Flash player.)

[cd34]

Do you have access to the raw logs provided by apache?

If so, if those pages are not that active, maybe post the logs for anything referring to that .flv and the page and we might be able to figure out why it might not be working.

First test would be to disable the rules to see if it does work in all of the browsers, ensuring that the encoding is indeed correct. Once you've done that, reinstate the rules, see what breaks. Then, post the raw logs of the failed requests and perhaps we can see a pattern.

[A.J. Angel]

Quote:

Originally Posted by cd34

Do you have access to the raw logs provided by apache?

If so, if those pages are not that active, maybe post the logs for anything referring to that .flv and the page and we might be able to figure out why it might not be working.

First test would be to disable the rules to see if it does work in all of the browsers, ensuring that the encoding is indeed correct. Once you've done that, reinstate the rules, see what breaks. Then, post the raw logs of the failed requests and perhaps we can see a pattern.

No, I'm sorry but I don't have access to the raw logs provided by Apache.

[A.J. Angel]

I did some further searching and I found this code posted on Digital Point. What are your opinions?

Code:

<?php
$filename="/path/to/your/file.flv";
$yourdomain = "yourdomain.com";
if (stristr($yourdomain, $_SERVER["HTTP_REFERER"]) || $_SERVER["HTTP_REFERER"]=="")
{
header("Content-type: video/flv");
echo file_get_contents($filename);
}
else
die ("You are not allowed to access this file");
?>

Unfortunately, I'm not sure how to get it to work although I understand what he means. :-/

http://forums.digitalpoint.com/showp...58&postcount=5

[brettsimpson]

Quote:

Originally Posted by Cleo

FLV files can be easily protected using htaccess.

Code:

RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(.*@)?([a-z0-9-]+\.)?YOURDOMAIN\.com([0-9]+)?(/.*)?$ [NC]
RewriteRule .*\.(flv|css|asf|mpg|mpeg|wmv|avi|rm|gif|jpeg|jpg|zip|png|swf|mp4|m4v)$ - [NC,F,L]

this was an excellent tip, Cleo... didn't know about this one before you pointed it out