How to prevent hotlinking to FLV files? (Flash Videos)
My friend Shane (from DVD House of Horrors) is having a hard time trying to stop other websites hotlinking to his horror movie clips. The site is running Joomla on a Linux server, so he’s been down the usual .htaccess routes to prevent remote hotlinking.
However the problem with FLV files is that they aren’t requested directly by the web-browser, but rather the Flash video player (a .swf file). This causes a problem for the .htacces rules as there is no HTTP_REFERER value to restrict against.
This is causing an unnecessary hit on Shane’s bandwidth costs… so he’s desperately looking for an answer.
Any ideas are most welcome. Thanks.
Update: It seems that a lot of people have this same problem… so I suggested to Shane to turn the situation around by using the hotlinking as an advert for his site. All his video clips are watermarked with the DVD House of Horrors logo.
I’m curious why the developers of the Flash video players don’t send a HTTP_REFERER value, but then again that’s also easy to spoof.
![[nxnw logo]](http://www.gravatar.com/avatar/6a8e6348aa8c014a012bde96c9b04270?s=90 "North by Northwest")
If he had access to the source of the video player could he not send an HTTP_REFERRER himself? THat’d quickly sort out the problem. Or add a querystring variable to the video link which is session related, so that only a valid site session can load the video, otherwise return an ad.
Scott
September 25, 2008 at 11:47 pm
Thanks for your reply Scott. If he knew Flash/ActionScript, he’d probably do just that.
Good idea though. Hopefully one day, the JW FLV Player might implement it?
Lee Kelleher
September 26, 2008 at 9:07 am
With a combination of htaccess, a salt, and time key you can accomplish it. I’ve put together at hotlinkingprotection[dot]com
Referer isn’t going to be of any use unless someone is direct clicking on a link to your file, and still isn’t foolproof.
Gordon
Hotlinking Protection
January 29, 2009 at 1:01 am