3 Replies Latest reply: Aug 4, 2009 1:28 PM by Mike_Watt RSS

    Blocking access to media files

    Mike_Watt Community Member

      Hi there... Having a hard time finding the best answer to this.

       

      I'm working on a site that allows access to media files (mp3|flv) through the site. The site is a subscription service and uses php sessions to authenticate users. All pages that contain media files are protected and require authentication for access.

       

      The problem is, if you subscribe for just a short time you would be able to figure out our naming conventions and paths to media (follow date structured directories). How can I prevent the file from being served outside of a particular page asking for it? Even more so, I need the paid users to be able to right-click save-as from that page, but still block access to anyone else trying to access it.

       

      A user suggested mod_rewrite, I've looked into it and from what I understand that would only be effective against hot-linkers, but wouldn't do anything to stop someone from just typing into their browser: http://mysite.com/media/2009/August/media_file.flv

       

      I know there must be a way to do this, but I just don't know where to begin.

       

      Any help is much appreciated.

        • 1. Re: Blocking access to media files
          Mylenium CommunityMVP

          Well, sounds like you really should get into a CMS/ blog system. E.g. in Wordpress this would be easy by password-protecting pages/ posts - a user that is not logged in, is denied access to all files that don't belog to him, even if he knows the link (if you work within the framework, of course). The simple mod-rewrite I was suggesting elsewhere would of course work on a directory basis, but doesn't take care of user management...

           

          Mylenium

          • 2. Re: Blocking access to media files
            Maneet Puri Community Member

            Hi,

             

            What you can  do is every time a movie is to be shown first move it to a temp folder from the  actual location and then run it from there.

            You can then  write a script that will execute after every say 30 minutes and will delete the  files created in the temp folder one hour back or maybe 30 minutes ago. This  time will depend on the what duration movies you are listing on your  website.

            And for  users to save they can do it from the temp location itself. So even if any user  knows the path cannot download it as the movie file will not be there after some  time.

            Hope this  makes sense to you

            Cheers,

             

            ~Maneet

            • 3. Re: Blocking access to media files
              Mike_Watt Community Member

              It does make sense in theory, though I'd have no idea where to begin... can you point me towards anything like this that I can look at?

              Would this be similar to writing to a temp directory when a user uploads a file (as far as scripting is concerned)?