0

I run a music blog and I have a player at the top that plays mp3s. I don't want the user to be able to look at my code to get where the mp3 is kept, go to the site, and save the mp3. I'm guessing I can forbid them from directly accessing the mp3 by going to its file location, but still allow my mp3 player to work. My intuition is to add some lines to my .htaccess file, but I know very little about htaccess, so could someone help me out?

jas7457
  • 1,971
  • 5
  • 30
  • 47
  • 1
    [How to prevent a file from direct URL access](http://stackoverflow.com/q/10236717/102937) – Robert Harvey Mar 04 '13 at 21:56
  • [Deny direct access to a folder and file by htaccess](http://stackoverflow.com/questions/9282124/deny-direct-access-to-a-folder-and-file-by-htaccess) – Robert Harvey Mar 04 '13 at 21:59
  • I tried your first link and it made it so that my songs don't play in my music player either. I use jPlayer for the music player. If it helps, my site is http://www.startingtofeelit.com/ – jas7457 Mar 04 '13 at 22:01
  • @RobertHarvey: Both don't meet the requirement. He requires it to be available as an embedded resource in a webpage, but not available for direct downloading. – Madara's Ghost Mar 04 '13 at 22:01

1 Answers1

4

It's impossible. The browser can look (In Chrome, press F12 and go to the Network tab) at where the file is actually downloaded, and save it directly from there.

You can't prevent a user from saving what he's already downloading.

Madara's Ghost
  • 172,118
  • 50
  • 264
  • 308
  • I once met an engineer for a music site (I think it was Scour.net) who used symbolic links with a timestamp in the path as a way to create temporary URLs to a single asset that would only be sharable for a few minutes (I think it was 6 times the length of the song to allow for slow connections). – Jason Sperske Mar 04 '13 at 21:59
  • @JasonSperske: Again, if my browser is downloading it, I (the user) can save it. It doesn't matter what it is, temporary URL or not, image, song or porn. If it's there in the web, and my browser downloaded and displayed (played) it for me, I can save it to my computer, by definition. – Madara's Ghost Mar 04 '13 at 22:00
  • I agree, it just seemed like a clever solution to limit the sharing of URLS which would cause the music site to pay for hosting the files without earning anything – Jason Sperske Mar 04 '13 at 22:03
  • @MadaraUchiha I just don't want them to simply be able to go directly to the URL and be able to File->Save As. I want an extra level of deception on there to deter users from easily downloading mp3s from our servers. – jas7457 Mar 04 '13 at 22:06
  • @jas7457: Just out of curiosity, why do you mind if they download your mp3s or not? If you gave it to them, they can do whatever they want with it (as long as it meets your license terms). Saving it doesn't breach terms. – Madara's Ghost Mar 04 '13 at 22:10
  • @MadaraUchiha is 100% correct here. Even a deceptive URL scheme won't prevent anyone who can hear music on your site from saving what they are listening to. On my site (also a music site that uses jPlayer) I worked on making the MP3 as annoying as possible (cryptic name, missing ID3) and the business model (ha!) based on music being shared – Jason Sperske Mar 04 '13 at 22:11
  • @MadaraUchiha because they are mp3s from various artists. We want the users of the site to go to the artists' sites, or iTunes, or what have you, to buy/download the mp3. We want to discourage users from simply downloading the mp3s off of our servers. – jas7457 Mar 04 '13 at 22:14