6

I used the below tricks:

First, I disabled the right click in order to prevent the user from using save as or get link using this HTML5:

<body oncontextmenu="return false;">
</body>

Second: I used the controlsList="nodownload" but the problem it works fine ONLY in Chrome 58+ as per this, later on I may consider customs control as shown here

<video width="512" height="380" controls controlsList="nodownload"
       poster="https://archive.org/download/WebmVp8Vorbis/webmvp8.gif" >
      <source src="videos/289522.mp4" type="video/mp4">
      <source src="videos/289522.ogv" type="video/ogg">
      <source src="videos/289522.webm" type="video/webm">
      Your browser doesn't support HTML5 video tag.
</video>

I still need to prevent the user from downloading it in case he got the link by other means, I found some talks about using .htaccess, so I created one inside the videos folder, and tried this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://my.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.my.domain.com/.*$ [NC]
RewriteRule .(mp4|mp3|avi)$ - [F]`

and used as an alternate way, this:

<Files "reminder.php">
        Order Deny,Allow
        Deny from all
        Allow from http://my.domain.com/
        Allow from http://my.domain.com/
</Files>

But what happened is video had been blocked completely, even from my website itself, and I started getting this error:

GET http://my.domain.com/videos/289522.mp4 500 (Internal Server Error)

Hasan A Yousef
  • 22,789
  • 24
  • 132
  • 203
  • 1
    Possible duplicate of [How to prevent downloading images and video files from my website?](http://stackoverflow.com/questions/1294501/how-to-prevent-downloading-images-and-video-files-from-my-website) – Sahil Gulati May 13 '17 at 10:20
  • Looks like you already found some good solutions to make it harder for your video's to be downloaded. – Alicia Sykes May 13 '17 at 10:26
  • Can you confirm that the `.htaccess` you are modifiying is INSIDE the sub-directory with your videos in, AND that you have another `.htaccess` in your project/server root? As sounds like that's causing the issue your getting – Alicia Sykes May 13 '17 at 10:26
  • @Lissy yes, you are correct, the one I modified is INSIDE the videos subvolder, and I do have another one in the server root, shall I delete one of them? – Hasan A Yousef May 13 '17 at 10:29
  • That's correct to have two. And only the one in your media sub-directory should be blocking direct access to video content, so you don't have anything like: `RewriteRule .(mp4|mp3|avi)$ - [F]` in your main `.htaccess`? – Alicia Sykes May 13 '17 at 10:32

1 Answers1

7

This is possible.

Your .htaccess solution is a good idea, to get it to work, your .htaccess needs to be in a sub-directory with the source videos, and nothing else. Update it so that it looks like this:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteRule .(mp4|mp3|avi)$ - [F]`

Alternatively this should work too (to completley block access to your video conent)

RewriteEngine On
RewriteCond %{REQUEST_URI} \.(mp4|mp3|avi)$ [NC]
RewriteRule ^.* - [F,L]

It is required to include both codes together:

RewriteEngine On
RewriteCond %{REQUEST_URI} \.(mp4|mp3|avi)$ [NC]
RewriteCond %{HTTP_REFERER} !^http://sample.com/.*$ [NC]
RewriteRule ^.* - [F,L]

On a side-note, while we're talking about .htaccess, check out this tool for writing and testing your file: http://htaccess.mwl.be/ . It lets you see which conditions will meet which URL patterns and what the outcome will be, much faster than deploying to your server each time you make a change ;)

Hasan A Yousef
  • 22,789
  • 24
  • 132
  • 203
Alicia Sykes
  • 5,997
  • 7
  • 36
  • 64
  • But this is exactly what I have done, I created ADDITIONAL `.htaccess` file inside my videos folder – Hasan A Yousef May 13 '17 at 10:30
  • ok, if both your `.htacces` files are correct, see this answer for why it's not refreshing: http://stackoverflow.com/a/26181187/979052 I had a similar issue in the past, and somehow Chrome had cached my old file – Alicia Sykes May 13 '17 at 10:38
  • ok, tested it out on my server, and got this working fine: `RewriteCond %{REQUEST_URI} \.(mp4|mp3|avi)$ [NC]` - give that a try – Alicia Sykes May 13 '17 at 10:42
  • 1
    You can make it harder to download, but as this answer notes, ultimately, if it can be viewed it can be downloaded. Even with things like DRM someone could do a screen capture or even record if off the screen if they wanted a copy bad enough. Referers can be spoofed; but that said, most people aren't going to bust out Wireshark and try to figure it out if you put some simple roadblocks in the way. – Useless Code May 13 '17 at 10:44
  • I used the second bloc in your answer, and it gave me 403 error in both the link in my website, and in the direct link in the browser bar – Hasan A Yousef May 13 '17 at 10:55
  • You should only be applying this code to your sub-directory, not your whole domain! – Alicia Sykes May 13 '17 at 11:02
  • exactly this what I did, I added the 3 lines in a .htaccess in the videos folder – Hasan A Yousef May 13 '17 at 11:05
  • And you have a different, correct `.htaccess` in your main/ root folder, right? Can you post it? I tried this code out on my server, works totally fine – Alicia Sykes May 13 '17 at 11:08
  • Sorry, I considered one part of your answer that is `%{REQUEST_URI}` once I added the other part, which is `%{HTTP_REFERER}` I got things done. thanks a lot. – Hasan A Yousef May 13 '17 at 11:14