Lee Kelleher’s Weblog

random posts on code, .NET, Umbraco and WordPress

How to prevent hotlinking to FLV files? (Flash Videos)

with 5 comments

My friend Shane (from DVD House of Horrors) is having a hard time trying to stop other websites hotlinking to his horror movie clips.  The site is running Joomla on a Linux server, so he’s been down the usual .htaccess routes to prevent remote hotlinking.

However the problem with FLV files is that they aren’t requested directly by the web-browser, but rather the Flash video player (a .swf file).  This causes a problem for the .htacces rules as there is no HTTP_REFERER value to restrict against.

This is causing an unnecessary hit on Shane’s bandwidth costs… so he’s desperately looking for an answer.

Any ideas are most welcome. Thanks.

Update: It seems that a lot of people have this same problem… so I suggested to Shane to turn the situation around by using the hotlinking as an advert for his site.  All his video clips are watermarked with the DVD House of Horrors logo.

I’m curious why the developers of the Flash video players don’t send a HTTP_REFERER value, but then again that’s also easy to spoof.

Written by Lee Kelleher

July 2, 2008 at 1:07 pm

Posted in blog

Tagged with , , , ,

«
»

5 Responses

Subscribe to comments with RSS.

  1. If he had access to the source of the video player could he not send an HTTP_REFERRER himself? THat’d quickly sort out the problem. Or add a querystring variable to the video link which is session related, so that only a valid site session can load the video, otherwise return an ad.

    Scott

    September 25, 2008 at 11:47 pm

    Reply

  2. Thanks for your reply Scott. If he knew Flash/ActionScript, he’d probably do just that.

    Good idea though. Hopefully one day, the JW FLV Player might implement it?

    Lee Kelleher

    September 26, 2008 at 9:07 am

    Reply

  3. With a combination of htaccess, a salt, and time key you can accomplish it. I’ve put together at hotlinkingprotection[dot]com

    Referer isn’t going to be of any use unless someone is direct clicking on a link to your file, and still isn’t foolproof.

    Gordon

    Gordon

    January 29, 2009 at 1:01 am

    Reply

  4. @ —> Gordan

    Gordan – would it be possible to modify the script to send a link that would be alive for 5 clicks, then redirect ? Something like SmartDD but still being able to stream the videos.

    agatto2

    March 27, 2010 at 4:15 pm

    Reply

    • Yes, it could easily be modified to work that way, but would require either a text file or mysal database to keep track of the loads. A couple of hours work at most.

      Gordon

      March 27, 2010 at 7:34 pm

      Reply

Leave a Reply