Humanities Web Support Knowledge Base

Preventing video files being download by viewers

Published by

odhwp

on

In this post, I will show how to use htaccess to protect video files being download from viewers.

We only want viewers to view the files on web browser but we don’t want viewers to download them.

Let’s say, we have video files, MP4, are stored in /var/www/folder1/folder2/folder3 and we want to protect them from being accessing directly from web browser.

However, we want people be able to view those video files from some html pages which are stored in /var/www/folder1/folder2/.

Since we want people can view video files but we don’t want them to download, so we want to restrict viewer control setting on those html files.

We will need to make sure that controlslist = nodownload.

If we don’t have this setting in the html files, users will be able to download video files while they are watching them.

Since we said that html pages are inĀ  /var/www/folder1/folder2/ and video files are in /var/www/folder1/folder2/folder3.

It’s likely that viewers will be able to find out the video files location on server by inspecting html page files and then access those files directly including download them from the direct path.

Our task is to prevent people from accessing those video files directly, so they can’t download them.

Therefore, we use htaccess to protect folder3 and at the same time allowing html files from folder2 to access video files.

Create a htaccess file with following content in it.

 

# enable mod_rewrote
RewriteEngine on

# RewriteCond
# HTTP_REFERER = check from where the request originated
# ! = exclude
# ^ = start pf string
# [NC] = case insensitive search

RewriteCond %{HTTP_REFERER} !^https://domainname.byu.edu/folder1/folder2 [NC]

# \ = match any
# . = any character
# () = pattern, group
# $ = end of string

# [F] = forbidden, 403
# [L] = stop processing further ruler

RewriteRule \.(mp4)$ – [F,L]

 

In the above htaccess, the important line is

RewriteCond %{HTTP_REFERER} !^https://domainname.byu.edu/folder1/folder2 [NC]

If we use !^https://domainname.byu.edu/folder1/folder2/folder3 instead, the html page files in folder2 won’t be able to access video files in folder3.

If we use !^https://domainname.byu.edu/folder1/folder2, html page files are able to access video files in folder3 and people won’t be able to access those video files directly from the web browser.

Resource links.

  1. htaccess regular expression
    https://chemicloud.com/kb/article/htaccess-regex-characters/
  2. htaccess cheat sheet
    https://htaccesscheatsheet.com/#disable-image-hotlinking
  3. Prevent direct access
    https://youtu.be/PsbpuH_e12E
Previous Post
Next Post