HOWTO protect movie files with htaccess

[Chilihost]

I have been asked this question a few times recently so I have decided to do up this post to help out everyone.

Protecting your content with htaccess files is standard practice for most website owners, whether it be for protecting a members area or just stopping hotlinking and saving your bandwidth. But normal htaccess files will not protect movie files because when a surfer clicks a movie file, their computer launches a new application (windows media player, quick time player, etc), and this new application that requests the movie file without any referral data, which htaccess protection relies on to work.

The way around this problem is to use cookies. Briefly, you set a cookie on your gallery page and then check for that cookie in an htaccess file in your movie directory.

NOTE: if your surfer has cookies turned off or is not allowing them, they won't be able to get your movies

Here is exactly how to do this:

1) On your gallery page, use this code to set a cookie on the surfer's pc. Add this javascript to the <head> section of the document containing the links to your videos.

Code:

*SCRIPT language="JavaScript">
  document.cookie = "id=valid; path=/"
*/SCRIPT>

note - I could not post this code properly so you have to replace the two * with <

2) Put your videos into a separate directory. Nothing else goes in this directory except this .htaccess file:

Code:

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !(^|(.+;)*)id=valid(;.*|$)
RewriteRule .*$ http://www.yourdomain.com/cheaters.html

And just replace yourdomain.com/cheaters.html with the appropriate URL.

Hope this helps,

cheers!
Luke

[Dzinerbear]

Okay ... where's the catch? This looks too easy. This stuff is never this easy.

Thanks Luke, I'm going to put this to use.

Cheers
Dzinerbear

[richiedude]

DOESN'T WORK.

at least it didn't for me. I copied you code EXACTLY and changed the appropriate thing for my domain and it did not work.

why? something is missing or not right.

[Chilihost]

your surfer has to accept cookies for this to work properly. Also your server must allow rewrite rules for your domains. Maybe you can check on both of those?

cheers,
Luke

[richiedude]

my server allows rewrite rules.

so . . . if someone has cookies disabled they can bypass this? should kick to the error page also no?

[Chilihost]

if cookies are disabled, they will not be able to see the video since the htaccess file will check for the cookie and not find it. Therefore, they will be kicked to the URL you specify in the cheaters.html line.

cheers,
Luke

[Xstr8guy]

Luke, will this work in conjuction with a standard .htaccess file that protects the members area?

Btw, love the new avatar!

[Dzinerbear]

Yes, who is this guy in your new avatar? Quite exotic looking. I'm surprised no one else has mentioned it yet.

Michael

[Xstr8guy]

Yeah, that handsome dude looks like an Aussie surfer stud!

[Chilihost]

that's my self portrait (can you tell I took it?) from a couple of days ago :goofy:

for your question check out point #2 "put your videos in a separate directory with this htaccess file". This htaccess will be the only one used for this directory.

cheers
Luke

[Xstr8guy]

So this folder is all by itself in the root directory? I typically put movie folders inside my members directory but the .htaccess in my members directory would over-ride the movie folder .htaccess. Right?