Hi, Everyone

I have read and tried the code at http://www.dialme.com/articles/entry/How-to-Prevent-direct-access-to-files-and-folders but I still have a problem:

My website has a bunch of quicktime movies that I want subscribers to view within my html pages, but not download. I’ve used quicktime parameters to prevent downloading to some extent, but users could still read my code (mozilla resists all encryption attempts, even external javascript files) and go directly to the media URL and download from there, which I also don’t want.

htaccess has not worked because no one can find a way to simultanesouly 1) block users from typing the media URL directly into a browser and downloading that way, and 2) still allowing the media to play in the html (actually php) page. I can always get one or the other, but not both. To be specific, in solution A, I type www.mysite.com/my.mov into the browser and I get redirected to www.mysite.com/home.php. It’s cool, it works, but when I load www.mysite.com/page_with_my_movie.php, my.mov won’t play at all; I just get the quicktime “Q” hanging there. In solution B, the movie plays AND you can go directly to the URL and download away.

A fix that did NOT work was putting the quicktime files outside the “www” root of my domain and calling them via php. This didn’t work because I need to play several consecutive movie files on the same page in the same player. The php could call only one movie per page with this solution.

Ideas?

Thanks,

newbie J

I haven't tried this with quicktime videos, but I have used it with other videos in the past.

The code provided needs to go in .htaccess where the files/videos reside.

If the videos reside in your main directory (yoursite.com/my.mov) then in yoursite.com/.htaccess

If the videos reside in a subfolder/directory (yoursite.com/videos/my.mov) then you can place the code in yoursite.com/videos/.htaccess) if you want it to only affect the (video) folder/directory and not the rest of your site.

If you type in your browser yoursite.com/my.mov you should be redirected back to your home page or whatever address you specify in the code. Preventing the user from downloading it directly.

If you add the specific page that the movies reside on and want to play in for example(mysite.com/page_with_my_movie.php) to the RewriteCond to allow this page. That should allow a user to view it as long as they are using click-able links on your site and not going there directly.

RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com.* [NC]

Should take care of your entire site. The RewriteRule is where you want them to go if they are trying to access it directly.

Or you could try adding other RewriteCond if necessary maybe:
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/movie.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/page_with_my_movie.php [NC]

You may also try with and without the (www) such as:
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com/.* [NC]
etc...etc.

To cover one or the other or both with and without the www prefix.

Your host will also need mod_rewrite enable, which it sounds like it does since it did redirect like it is supposed too. Also make sure that there is not any conflicting code in the .htaccess file that might affect it.

There are many things you can do with .htaccess, but it can be a pain as it usually needs to be exact. If not it either errors out or doesn't do anything.

I have had mozilla firefox give more trouble than ie with this for some reason. And dolphin ray folders do not like this code so well, but dolphin images, media, and gereal .php, .css, .html files it tends to like better.