0

I'm preventing direct access to videos, played by Projekktor, at a website. The restriction is set within the .htaccess file:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.ltd [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.ltd.*$ [NC] 
RewriteRule \.(avi|mp4|webm|m4v)$ - [F]

This works great when playing the videos in a browser on a computer, but when I'm trying to watch the video from a smartphone, it won't work.

I'll think it is because the video, on a smartphone, isn't displayed through the browser - when dealing with HLS.

I've tried with a Nexus 5, Android 4.4.3, Chrome browser. Anyone knows an easy solution? :)

Joachim
  • 320
  • 3
  • 12

2 Answers2

0

You would need to provide some more details to get accurate help like an example URL of what works and what does not. I would say that if you want to prevent direct access to HLS you need to filter through .m3u8 and .ts files as well on top of the avi|mp4|webm|m4v you have set up.

Arnaud Leyder
  • 6,674
  • 5
  • 31
  • 43
0

You mention HLS in the title, but then only talk about avi|mp4|webm|m4v files in the in the question. Is this HLS (.ts media files) or progressive download?

In any case, when the app requests the video file, it does not pass a referer header. So trying to filter on the HTTP referer header value is not working. I recommend that you filter on user-agent. The media player on the device identifies itself with a unique user agent. You can allow access to the files either if the referer is your domain, or if the user agent is from your app (you may even be able to set a custom user-agent)

Sophisticated users will be able to get around this by forging their user-agent, but they could do this with the referer block as well. (This can't be done with a simple link from a browser.)

wombat57
  • 1,341
  • 1
  • 13
  • 26