1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 6:07 pm May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

htaccess and hotlink

htaccess and hotlink

         

nabil

2:55 am on Jul 27, 2008 (gmt 0)

10+ Year Member



Hi all,

Can some one help me how to prevent mp3 files from direct download. I have a website to listen the music using SWF player and I want to limit donwload only to this SWF file. Unfortunalty I tried many htaccess scripts but it does not work. Perhaps I must modifey some thing on my server.

These codes below does not work on my server :

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(mp3¦wma)$ - [F]

----

SetEnvIfNoCase Referer "^http://www.site1.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.site2.com/" locally_linked=1
SetEnvIfNoCase Referer "^$" locally_linked=1
<FilesMatch "\.(mp3¦xml¦swf)$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>

----

RewriteRule ^.*\.mp3$ /foo [F]
RewriteRule ^.*\.MP3$ /foo [F]
RewriteRule ^.*\.Mp3$ /foo [F]
RewriteRule ^.*\.mP3$ /foo [F]

This end (the last script) works but he deny download from SWF file as well from direct link donwload :(

Thanks at advance for your help.

Regards

jdMorgan

3:18 am on Jul 27, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The problem is that most mp3 players do not provide a referrer. Therefore, you cannot use the HTTP Referer header as the basis of your media access control.

There are other methods, such as changing the URL of your mp3 files weekly/daily/hourly, so that only the currently-updated links on your own pages will work. There are some subtleties involved with this method. For example, you must take into account and tightly-control caching of the pages containing these links so that someone who has a very-recently-cached page with a link that you are just now changing does not get an error.

Another method is to rewrite all media file requests to a script. The script can then check for a cookie set by your page(s) containing the link to the media file, and refuse to send the media file content if the cookie is not set or has expired. If the cookie is valid, the script can open, read, and send the contents of the media file.

Again, there are many methods. These two are fairly common. Neither is as simple as referrer-based access control, but they are much more reliable.

Jim

nabil

1:31 pm on Jul 27, 2008 (gmt 0)

10+ Year Member



Thanks for the answer,

You don't have any mp3 player wich works with htaccess ?

I think that's the best solution is to disable donwload from a direct link of the mp3 file.

Best regards

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 6:07 pm May 2, 2026