Jump to content

Hotlink Protection For Embedded Media Players?

Mission

By Mission
in CPanel and Site Maintenance

 Share

Recommended Posts

Mission Collaborator

Mission

Posted
Posted

Helllo.

 

I was surprised to find that someone had embedded a couple of my video files in their Myspace page. I have the meta files and media file extensions hotlink protected, but I guess that doesn't work when the meta files are embedded in someone's page, rather than being linked to (in order to launch an external player)?

 

Is there a way to protect the files from being embedded? Thanks.

Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted (edited)
Hi,

 

Can you produce a URL for us to look at?

 

Jimuni

 

This is his page (he changes his page often, though, so he may switch the videos before you can check on it):

 

http://profile.myspace.com/index.cfm?fusea...iendid=40732754

 

Two of the videos on the left-hand side, "Money Comin" and where he says "Don't 4get the Ladies" are linked to the .asx files on my web page:

 

<embed allowScriptAccess="never"src="http://www.altaredlives.org/playlist/Money_comin.asx" loop="false" type="application/x-mplayer2" ShowStatusBar="0" AutoSize="true" DisplaySize="0" AutoStart="false" pluginspage="http://www.microsoft.com/Windows/Downloads/Contents/Products/MediaPlayer/"></embed><br>Video'>http://www.microsoft.com/Windows/Downloads/Contents/Products/MediaPlayer/"></embed><br>Video code generated at <a href="http://coolmyspace.com">coolmyspace.com</a>'>http://coolmyspace.com">coolmyspace.com</a>

 

<embed allowScriptAccess="never"src="http://altaredlives.org/playlist/suite16_hi.asx" loop="false" type="application/x-mplayer2" ShowStatusBar="0" AutoSize="true" DisplaySize="0" AutoStart="false" pluginspage="http://www.microsoft.com/Windows/Downloads/Contents/Products/MediaPlayer/"></embed><br>Video code generated at <a href="http://coolmyspace.com">coolmyspace.com</a>

 

He's apparently a big fan of my site, promoting my site on his myspace. But who knows who else might be embedding videos elsewhere and using up my bandwidth...???

Edited by Mission
Link to comment
Share on other sites
surefire Mentor

surefire

Posted
Posted (edited)

Couldn't you modify this?

altlab.com/htaccess_tutorial.html

 

Like this-->

>RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png|asx)$ images/nohotlink.jpg [L]

Edited by surefire
Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted
Couldn't you modify this?

altlab.com/htaccess_tutorial.html

 

Like this-->

>RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png|asx)$ images/nohotlink.jpg [L]

 

Thanks. Do I add the lines above to my .htaccess file as written?

Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted
Hello,

 

The htaccess should stop it, and I think in the above example, 

>[NC

should be

>[NC]

 

Hmmm, even though he has it like that in all his examples, intresting.

 

If it doesnt work, let us know and we shall have a look further.

 

Jimuni

 

Thanks, I'll give it a try.

Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted

I just checked the code that our Cpanel "Hotlink Protection" writes when you choose your options using that application. Most of the code above is already in my .htaccess file, except for the very last portion of the last line where it has

 

>RewriteRule \.(jpe?g|gif|bmp|png|asx)$ images/nohotlink.jpg [L]

 

 

So I added the last line, and it worked for the embedded videos on the other site. Great!

 

But..... it also blanked out all the image files on my own site. :) So I removed the image extensions, which allowed the images to show up on my site again. Great!

 

But.... when I clicked on the video links located on my site, it would give a 404 Page Not Found error. ;)

 

So that last line of code apparently bars images & videos from being seen or launched from my own site. :D

 

What's the difference between the [L] and the [NC]?

 

The code already in my .htaccess has:

 

>RewriteRule .*\.(bmp|ram|rm|asx|wmv|pls|swf)$ http://www.altaredlives.org [R,NC]

Link to comment
Share on other sites
click Enthusiast

click

Posted
Posted (edited)

Did you replace "example\.com" with your domain name? You should have this in your .htaccess.

 

>RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?altaredlives\.org/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|bmp|png|asx)$ images/nohotlink.jpg [L]

 

The 2 "RewriteCond"s are what should stop it from blocking your own site. So your problem is probably there. There should only be one RewriteRule after the RewriteCond's too.

 

What's the difference between the [L]and the [NC]?

[L] = Last Rule - It stops processing the .htacess file after matching that rule, I believe.

[NC] = Case insensitive - Matches both upper and lowercase

Edited by click
Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted
Did you replace "example\.com" with your domain name? You should have this in your .htaccess.
Nope, so I guess that was part of the problem for sure...

 

 

The 2 "RewriteCond"s are what should stop it from blocking your own site. So your problem is probably there. There should only be one RewriteRule after the RewriteCond's too.

 

Ok. I guess I need to replace the one that's there with the new Rewrite rule. Thanks. I'll try it!

Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted

I added all 3 lines from the altlab.com page and deleted the Rewrite Rule generated by the CPanel hotlink app. It didn't stop the hotlinking from the myspace page. It also didn't send my browser to my web site when links to my media files on other domains were clicked. (The browser opened my custom 404 Page Not Found page.)

 

I guess embedded video/audio isn't the same as embedded images.

 

Oh well... I'll just have to start adding something at the beginning or ending of the videos to show from where they're being streamed from now on when I process the files for the web. And when I find them being used without permission, I'll notify the web master like I used to do before I had hotlink protection. :rolleyes:

Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted
Hello,

 

Having just tested it, it doesn't work at all, not even for images, so something is not right.

 

Could you please post your entire HTACCESS here and I will take a look and see whats not correct.

 

Htaccess does work, its just bit fiddley!

 

Jimuni

 

Well, the altlab.com code worked when I used their Rewrite line, but it still didn't work for the embedded videos and also didn't redirect the browser to my web site when links were clicked elsewhere, but gave a 404 page not found error. So I think I'll stick with cPanel's hotlink protection for now. The code that cPanel's app produces in the .htaccess file allows me to specify sites that I want to be able to access the metafiles, or sites which I allow image file access, which the altlab.com code doesn't address at all.

 

But thanks for everyone's help! Everyone can experiment with the cPanel's hotlink protection and if you come up with an answer, let us all know? :yes:

Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted
Hello,

 

I wrote a rather useful tutorial on hotlinking:

http://www.totalchoicehosting.com/forums/i...968&hl=htaccess

 

I was just wondering about what it had, because as I can still pull an image from your website on to my own.

 

Jimuni

 

I don't have image files hotlink-protected because I need to link to them from lots of other sites. It was simpler to not protect them rather than adding 1,020,909,788 sites to the "allowed" list. :blink: And sometimes when I put in certain sites, those sites still couldn't pull the images in. (I put images in signatures at many forum boards.) B)

 

I mainly was trying to stop hotlinking of the videos, which it does, but it doesn't stop embedding of videos apparently. Thanks for your help, though!

Link to comment
Share on other sites
TCH-JimE Grand Master

TCH-JimE

Posted
Posted (edited)

Hello Mission,

 

Ah i see about the jpegs not being hotlinked.

 

I always like a challenge though, backup your htaccess first, but try this one, obviously replacing your URL in where it says yoursite.domain

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.domain/.*$ [NC]
RewriteRule \.(ram|rm|asx|wmv|swf)$ http://www.altaredlives.org [R,NC,L]

 

Jimuni

Edited by Jimuni
Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted
Hello Mission,

 

I always like a challenge though, backup your htaccess first, but try this one, obviously replacing your URL in where it says yoursite.domain

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.domain/.*$ [NC]
RewriteRule \.(ram|rm|asx|wmv|swf)$ http://www.altaredlives.org [R,NC,L]

 

Jimuni

 

Thanks, Jimuni. This is what the .htaccess says from using the cPanel's Hotlink Protection app:

 

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://altaredlives.org/.*$ [NC]

RewriteCond %{HTTP_REFERER} !^http://altaredlives.org$ [NC]

RewriteRule .*\.(bmp|ram|rm|asx|wmv|pls|swf)$ http://www.altaredlives.org/videos.htm [R,NC]

 

And in the middle of it, there are "RewriteCond" lines for all the sites I allow to link directly to the media files. (That .bmp must be an oversight when I was removing image files. I don't even have any .bmp images on my site. :1eye:) I switched out the two lines above and replaced them with the line you wrote, and there was no difference in the results. :(

 

click wrote: Just a hunch here, but I think the problem may be that the embedded player isn't sending the HTTP referer so it fails the first "!^$" condition.

 

Hmmm, now THAT'S an interesting comment. I don't understand the hotlinking code, but what is sending the HTTP referrer when a link to the actual file is on a web site? What are the specifics that make embedding the .asx to the files different from linking directly to the .asx? This is an interesting learning experience. :) :)

Link to comment
Share on other sites
click Enthusiast

click

Posted
Posted
Hmmm, now THAT'S an interesting comment. I don't understand the hotlinking code, but what is sending the HTTP referrer when a link to the actual file is on a web site? What are the specifics that make embedding the .asx to the files different from linking directly to the .asx? This is an interesting learning experience. :) ;)

I don't know for certain, but I think the way it works is that when you link directly to a file, the web browser requests the file and therefore sets the HTTP Referer. When a media file is embedded, on the other hand, the web browser is simply handing the address off to a media player to play, so it is the media player that actually requests the file. If the media player isn't sending a HTTP Referer when it requests the file then it won't be blocked.

 

I don't mess with embedded media much and haven't actually tried it out, so it's just a theory, but it would explain why the blocks seem to work for files being linked directly but don't work if they're embedded.

Link to comment
Share on other sites
Mission Collaborator

Mission

Posted
  • Author
Posted
I don't know for certain, but I think the way it works is that when you link directly to a file, the web browser requests the file and therefore sets the HTTP Referer. When a media file is embedded, on the other hand, the web browser is simply handing the address off to a media player to play, so it is the media player that actually requests the file. If the media player isn't sending a HTTP Referer when it requests the file then it won't be blocked.

 

I don't mess with embedded media much and haven't actually tried it out, so it's just a theory, but it would explain why the blocks seem to work for files being linked directly but don't work if they're embedded.

 

Wow... interesting & sensible theory -- not encouraging, but interesting... :D Thanks for your input.

 

If you can't beat 'em, join 'em -- I embedded a video from my site over there, too! :whip:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...