Join 3,556 readers in helping fund MetaFilter (Hide)


"You'll gonna need a more sophisticated solution."
July 21, 2005 10:35 AM   Subscribe

I've just learnt (after an afternoon of struggling) that Apache's mod_write module doesn't work for embedded media, like a video in object tags. The best response I could get to my problem was "You'll gonna need a more sophisticated solution.". Well thanks. Any pointers?

I'm trying to prevent hotlinking (for sensitivity reasons rather than bandwidth) a series of wmv's on a remote http server.

I can protect them nicely if I'm happy to just link to them but if I want to embed them nothing happens. I know I could put embed them in a html file on the remote and protect that html file, but that's not the solution I'm looking for.
posted by handybitesize to Computers & Internet (5 answers total)
 
You mean mod_rewrite? Why doesn't it work with embedded media? That doesn't make sense to me..
posted by Plutor at 10:58 AM on July 21, 2005


So you've got your webpage, http://www.example.com/a.html, which has a WMV video embedded, http://www.example.com/a.wmv. And you're using mod_rewrite on the WMV file to check the referer URL to see if it matches http://www.example.com/a.html. And if it doesn't match you're redirecting to a 'denied' notice. Is that what you're trying to do?
posted by chrismear at 11:19 AM on July 21, 2005


Okay, I've done some experimenting and I think I've found your problem. It seems that most media-playing browser plugins don't send a referer URL. So even if the video is embedded in your webpage, your webserver log will show the video file being accessed from a blank referer.

The only (partial) solution with mod_rewrite is to also allow requests for the video file that have a blank referer, as well as allowing requests that have your webpage as the referer URL. This will block other people from linking to the videos, while allowing you to embed the video files on your webpage. Unfortunately, it will also allow anybody else to embed the video files on their webpages, and it will also allow people to directly download the video files using something like wget.

A more sophisticated solution could be to have your webpage run a script that dynamically generates a random URL for the video file each time the webpage is visited (e.g. myvideo2837594847293.wmv). The script would simultaneously make a copy of the video on your webserver with that same filename (myvideo2837594847293.wmv). After a certain amount of time (say, a minute or so), you can remove that video file from the system. That way, the embedded file plays normally if you just visit the web page, but you can't get a URL to the video that will last longer than a minute.
posted by chrismear at 11:55 AM on July 21, 2005


or instead of copying files... make a symbolic link, and use find to clean out all the ones that are > a few hours old or whatever, depending on how big they are.

If they're actually sensitive, why not just put them in a password protected directory?
posted by mosch at 7:45 PM on July 21, 2005


I liked the link ideas (both copying and symbolic) but as the video exists on a seperate server, I don't really want to have to rely on running scripts there, if I can get away with doing it on the webserver.

I can't put them in a password protected directory, as they are to play embedded in a branded page and I dont want users to go through a http authentification after they've already gone through the sites own.

I'm thinking I can't match my requirements - so better change them. I wonder if I can fiddle something with a asx playlist........?
posted by handybitesize at 1:20 AM on July 22, 2005


« Older Is there a neat way to find ou...   |  My Google-fu fails. I'm tryin... Newer »
This thread is closed to new comments.