Search code examples
phphtml.htaccess

Allowing video to be played in <video> element from my website, but not allowing it through direct link

I used the below tricks:

First, I disabled the right click in order to prevent the user from using save as or get link using this HTML5:

<body oncontextmenu="return false;">
</body>

Second: I used the controlsList="nodownload" but the problem it works fine ONLY in Chrome 58+ as per this, later on I may consider customs control as shown here

<video width="512" height="380" controls controlsList="nodownload"
       poster="https://archive.org/download/WebmVp8Vorbis/webmvp8.gif" >
      <source src="videos/289522.mp4" type="video/mp4">
      <source src="videos/289522.ogv" type="video/ogg">
      <source src="videos/289522.webm" type="video/webm">
      Your browser doesn't support HTML5 video tag.
</video>

I still need to prevent the user from downloading it in case he got the link by other means, I found some talks about using .htaccess, so I created one inside the videos folder, and tried this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://my.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.my.domain.com/.*$ [NC]
RewriteRule .(mp4|mp3|avi)$ - [F]`

and used as an alternate way, this:

<Files "reminder.php">
        Order Deny,Allow
        Deny from all
        Allow from http://my.domain.com/
        Allow from http://my.domain.com/
</Files>

But what happened is video had been blocked completely, even from my website itself, and I started getting this error:

GET http://my.domain.com/videos/289522.mp4 500 (Internal Server Error)

Solution

  • This is possible.

    Your .htaccess solution is a good idea, to get it to work, your .htaccess needs to be in a sub-directory with the source videos, and nothing else. Update it so that it looks like this:

    RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteRule .(mp4|mp3|avi)$ - [F]`

    Alternatively this should work too (to completley block access to your video conent)

    RewriteEngine On
RewriteCond %{REQUEST_URI} \.(mp4|mp3|avi)$ [NC]
RewriteRule ^.* - [F,L]

    It is required to include both codes together:

    RewriteEngine On
RewriteCond %{REQUEST_URI} \.(mp4|mp3|avi)$ [NC]
RewriteCond %{HTTP_REFERER} !^http://sample.com/.*$ [NC]
RewriteRule ^.* - [F,L]

    On a side-note, while we're talking about .htaccess, check out this tool for writing and testing your file: http://htaccess.mwl.be/ . It lets you see which conditions will meet which URL patterns and what the outcome will be, much faster than deploying to your server each time you make a change ;)