0

I found an answer on stackoverflow that suggests denying all access to the folder to prevent direct access to it and its content. However they also suggested that php would have no problem accessing any files forbidden by the .HTACCESS file.

Now in a sense this ain't straight forward because it's taken me longer to get working and still isn't.

<?php

/*
 * the folder channel is in html folder#
 * the folder channel has its own .htaccess file with code like
 * deny from all
*/

include("channel/150508084959b5b611e1dcf.mp4");
?>

now here i try to play a video from the forbidden folder expecting it to work because php included the file but i just get a server error in the console and in the apache.log file i get PHP Parse error: syntax error, unexpected '\xdf' (T_STRING)

<video src="channel/150508084959b5b611e1dcf.mp4" controls autoplay></video>

It might be that i either misunderstood the answer that was given or the the apache.log file but i really need help. Thanks in advance and any help is really appreciated.

Dennisrec
  • 333
  • 2
  • 22
  • 1
    Try `readfile` instead of `include`. And you may need set correct http headers. And video `src` shoule be url to your php file. – brevis Sep 18 '17 at 11:50

1 Answers1

1

It sounds like you want to use the .htaccess restriction to prevent people from accessing your content directly via a web request. These requests are handled by Apache which reads your .htaccess file and enforces the rules within it. PHP is able to get around these rules because it operates as a different process and does not go through Apache.

By using PHP you could then do something like:

<video src="video.php?id=150508084959b5b611e1dcf" controls autoplay></video>

And then your video.php file takes the id value and uses readfile (http://php.net/readfile) or stream_get_contents (http://php.net/stream_get_contents) or simple file reading and delivers the content.

However, if you are doing this to try and prevent people from accessing your content directly then this does not really solve the problem. People can just make requests to the video.php file to get the actual content. You're just replacing one method for another. If you really want to stop people it can get very complicated as it becomes a cat and mouse game.

If what you're worried about is people linking to your content you can try a simple implementation to prevent hotlinking (https://simple.wikipedia.org/wiki/Hotlinking): https://mediatemple.net/community/products/dv/204644230/prevent-hotlinking-with-a-htaccess-file

This will not stop people that are really invested in getting your content but it will make it more challenging that just putting a link in some HTML.

Mike S
  • 1,636
  • 7
  • 11