Forum Moderators: phranque
I've done quite a lot of searching and reading but I'm not sure exactly how to do something and it's pretty urgent and I need to get it right.
I'm trying to prevent people linking directly to some Windows Media .wmv files on mysite1 without visiting the movie index page on mysite2 first. So how can I redirect people from a .wmv on mysite1 to a .htm on mysite2, UNLESS they come from a link on one of the 2 sites themselves?
This is my current .htaccess file:
ErrorDocument 401 [mysite1.com...]
ErrorDocument 403 [mysite1.com...]
ErrorDocument 404 [mysite1.com...]
ErrorDocument 500 [mysite1.com...]
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mysite1.com/.*$ [NC]
RewriteCond %{HTTP_REFERER}!^http://(www\.)?mysite2.com/.*$ [NC]
RewriteRule \.(gif¦jpg¦wmv)$ [mysite1.com...] [R,L]
I'm guessing that another rewrite rule will be needed, not just a plain 301 reirect. Does the rewrite engine need to be turned on again for the new rule?
Another related question: Will the redirect still show up as a hit on the .wmv file in Urchin Stats? The site owner doesn't want to see hits in the stats direct from his competitor's site, even if they cost him almost no bandwidth.
Welcome to WebmasterWorld!
I'm afraid your project is doomed by two facts:
1) Media players and browsers cannot understand a redirect from a media file to an HTML file. It just won't work. One look at the way that HTML pages and media files are linked-to and included respectively will show why this is true.
2) Media players almost never provide an HTTP_REFERER, so basing access control upon referrer is futile.
We've covered this subject many times, but the simplest way out of this box is to use a cookies-based authentication system where you set the cookie on your "movie index" HTML page, and then serve the media files using a script that checks for and requires that cookie. For security, the cookie should expire in less than one day and it should be a non-random, verifiable, encrypted string to avoid hackers "guessing" valid cookie values.
Jim
In the meantime I badly need to stop people from one other nastysite in particular linking to the 2 wmv files on mysite1. If I just put the 2 files into a folder on their own, couldn't I put a .htaccess file in that folder to completely block access to that folder for visitors from that particular nastysite?
What would the code be and would a redirect still not be possible or would I have to provide a link to the movie index from the error file? (and would that be the 403 file or the 404 file or what?)
Sorry to not hunt for the code myself again but I've been on this for a couple of days now and it's just not happening. I'm all Googled out, I don't know my http_referrer from my remote_host, my deny from my redirect, and I'm in danger of personally footing a huge bandwidth bill.
If a technical solution is beyond your current reach, a legal solution may be more attractive.
Jim
In case it makes any difference I just wanted to clarify that I don't mean hotlinking as in embedding the video in their page, I just mean providing a hyperlink to the file, as in:
<a target="_blank" href="http://www.mysite1.com/videofile.wmv">
Does that change anything?
I don't think I'd have a legal case to stop them doing that. The cookie thing will be within my grasp, I just need the time to sort it out.
