Prevent direct access to mp4 (IE/Edge ignoring HTTP_REFERER)

Question

I would like to show videos (mp4) on my website but want to prevent direct access (example.com/videos/vide1.mp4). I managed to add restriction to .htaccess which I placed to video folder:

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com [NC] 
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com.*$ [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com.*$ [NC] 
RewriteRule .*\.(gif|png|mp4)$ https://www.example.com/ [L]

This worked on Firefox/Chrome/... but on IE or Edge I get error "Invalid Source" and video is not shown on website. Looks like IE/Edge ignores or uses different HTTP_REFERER? Is there any solution for this problem?

Since there is no solution for this, how could I check HTTP_REFERER and deny direct access for all except Edge browser (so another RewriteCond which would check if HTTP_USER_AGENT is Edge - or if there would be some better solution for this)? — SilverSilencer, Nov 06 '17 at 07:31

Croises · Answer 1 · 2017-11-03T19:18:56.843

1

There is a lot of tools or browsers or 'anonymizers' that might block the referer.
Which browsers/plugins block HttpReferer from being sent?

You can use:

RewriteEngine on
# This line is the equivalent of your 4 lines
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] 
RewriteRule \.(gif|png|mp4)$ - [F,L]

edited Nov 03 '17 at 19:18

answered Nov 03 '17 at 14:22

Croises

18,570
4
30
47

With this example video is shown in browser (Edge), but you can also get to video directly through URL (example.com/videos/vide1.mp4) which is what I want to prevent. – SilverSilencer Nov 03 '17 at 18:33
OK! Try to ban it with the [F] (forbidden) flag – Croises Nov 03 '17 at 19:19

Prevent direct access to mp4 (IE/Edge ignoring HTTP_REFERER)

1 Answers1