Stamp Out Thieving

[jaymc]

Ok i have a website which is used so people can listen to audio

I use the <embed> player to achieve this... i have done what i can as in hide the music link, such as put it in frames, disable right click etc...

but in other browsers their are still ways around it, and its now becoming a big problem has so many people are learning how to rob audio

Hotlink protection is out the question, Embed does not send any headers, their for HTACCESS does not work

and Object has problems with WMA files

basically i need a way to hide the link, from the source, and from right clicking on the media player

is it possible to pass information to a special flash player, so for example

www.site.com/index.php?file=song.wma

is it possible to get flash to read that in, an play what ever file= equals

or perhaps you have another way of stopping people from typing www.site.com/song.wma and in turn downloading the file

really cracking me up this, be lookin for a solution for months

[scientica]

maybe php or something like that and using sessions maybe make a hash of the file name and xor with the session ID (SID), or using some method to create time limited URIs - it's possible to use PHP as 'proxy' for data (eg http://foo/dl.php?stream=foo&authency_hash=aef21a that could send the needed headers and then the streams data) , but it's the same as encryption, all we can do is make it harder (ie using schemes that theoretically will take more time than the estimated unverses age to brute force for 'unlucky') - the same applies for sound, can it be heard by human ears then other 'things' can hear it as well.

Flash might be possible, though, I don't know enougth of the scripting laguage of it to know how it would work.

Why not just give the user regular links? that way the user can choose the player (ie poor windows users might not have to sell their souls and use windows media pr^Hlayer), and then hotlink (don't know what the is though) protection might work?

[jasonlambert]

Are you sure <embed> tags cause browsers not to send a HTTP referer? That does not make sense... It should just be a standard HTTP GET request used to retrive the file no?

Try setting up your .htaccess file like this for hotlink and anonymous download and a bit of "wget" protection.

The example below will only allow the file to be retrieved if the HTTP referer is set to your domain name (substitute "example.com"). Note that this may also prevent some people who use privacy software that hides their HTTP referer from accessing your audio.

Legitimate requests from a browser requesting the file from the <embed> tag should send a HTTP referer.

Code:

RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
RewriteRule \.wma$ - [F]

Please note this is not 100% fool proof, but it will stop most leaches

If test this and you are 100% sure that it does not work, let me know as I have a few other ideas.

[jaymc]

Hi, i followed your advice

here is a test link

http://www.jmchost.net/test/tester.htm

inside test = .htaccess
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_REFERER} !^http://(www\.)?jmchost\.net/ [NC]
RewriteRule \.wma$ - [F]

aswell as tester.htm and 101.wma

With the htaccess enabled the song will not play... with it off the song plays but you can also download

any other ideas ?

by the way its not so much hotlinking i care about, its directly downloading

[stecost]

i worked with jamie on this trying to solve the problem, it wasnt the embedded media player that doesnt send the reffer it was the wma format. i tested it with mp3 with the same htaccess and it worked but the audio quality is considerably worse for mp3 files when they are compressed to a small file size, wheras it is alot better when compressed as wma.
i hope this will clear up any misunderstandings and maybe get the problem fixed.