prevent video hotlink from external site - apache

I am using JWplayer on my website to play .mp4 files. When I check my site code, the JWplayer code is like this:
<div class='jwplayer' id='jwplayer-0'></div><script type='text/rocketscript'>if(typeof(jQuery)=="function"){(function($){$.fn.fitVids=function(){}})(jQuery)};jwplayer('jwplayer-0').setup({"aspectratio":"8:5","width":"100%","primary":"html5","file":"http://mysite.se/wp-content/uploads/2014/09/sack.mp4"});
</script>
Now, how can I prevent someone from hotlinking those .mp4 files on a forum or another site, or embedding them in another player somewhere else, if it's possible? I want the files to be accessed only by my own site if possible. I don't care if they download the file as long as they don't hotlink it from my server.

You'd probably have to rely on checking the HTTP Referer field of the incoming request. The referer, however, can be easily forged to get around this limitation, but as it is, this is probably the easiest solution.
Try adding this to the htaccess file in your document root:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
RewriteRule \.mp4$ - [L,F,NC]
Where "example.com" is your domain.

Related

how can i redirect video streams to another domain with htaccess

How can I redirect video streams to another domain using htaccess? I am building an application where I can customize m3u playlists containing movies, series and live TV. I am writing an xtream-codes API emulator, so basically I am returning a different playlist (minimized / edited) - but I want the htaccess to redirect the stream requests to the origin.
The playlist / api urls look like:
/player_api.php?username=user&pass=pass&action=get_live_categories
The stream URLs look like:
/user/pass/streamid.ts
I tried redirecting with PHP, but this is not the way to go. I also tried to do a redirect on DNS level - but that's not good because I can only redirect a complete domain / subdomain.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([-a-zA-Z0-9]+)\.iptv-manager\.xxx$ [NC]
RewriteRule ^((?!index\.php$).*)$ http://player-api.iptv-manager.xxx/index.php?subdomain=%1&route=$1 [QSA,P]
The above code routes any subdomain (wildcard) and route, which is then processed by the PHP code. But I can't seem to route the video streams through PHP.
[edit]
As a little bit more explanation of what I am trying to build: I'm trying to create an alternative for the Xtream-Editor online playlist editor. Because of the way the Xtream-Codes API works, it will get the base URL (player_api) and use that with the stream IDs it gets to build a stream URL.
As I want to be able to let users not only edit their m3u list, but also provide a customized list in Xtream-Codes API players - if I set the provider's host in the initial call to my player_api, it will load the streams and categories from the provider - and not the modified list the user wants to load.
So I'm not trying to resell streams under a different name - I already made an m3u editor that is widely used, but it is Windows based, and requires users to manually update the list when the provider changes their streams.
You need to get it done via PHP; an .htaccess redirect only works for a complete domain. So use your .htaccess to redirect to PHP.
.htaccess
RewriteRule ^live/(.*)/(.*)/(.*)$ yourphp.php?u=$1&p=$2&c=$3 [L,NE]
RewriteRule ^(.*)/(.*)/(.*)$ yourphp.php?u=$1&p=$2&c=$3 [L,NE]
php files
<?php
$c = str_replace (".ts","",$_GET['c']);
header("location: http://244.117.154.34:25461/".$c.".ch?u=".$_GET['u'].":p=".$_GET['p']."",false, 307);
That's what you do to redirect xc to m3u or json to m3u.

I wanna stop direct access to and folder using htaccess

I wanna set up a download page.
I need to access those pages only through a login page and stop all the direct access to the download page path and also its files and again if anyone tries to access those pages directly then it should automatically redirect to login page itself or else at least with a 404 error.
How can I do all this in the .htaccess file? It will be very much helpful in developing my website.
Thanks in advance
Assuming that all of your downloads are inside of a downloads directory, something like this should do the trick.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?your\.site(?:/|$)
RewriteRule ^downloads\/?.* http://your.site/login [R=302,L]
Alternatively (and ideally) you should instead keep the pages outside of the site's root directory and download them through a proxy page.
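The Referer conditions in the hotlinking and downloads answers above can be checked against sample values before deployment. This added example (not code from either answer) models the rule in Python, using `re` as a stand-in for mod_rewrite's PCRE matching; the loose pattern, the `allow_empty` switch and all Referer values are constructed for illustration.

```python
import re

# Pattern from the hotlinking answer; re.I stands in for the [NC] flag.
ANCHORED = re.compile(r"^https?://(www\.)?example\.com/", re.I)
# Constructed loose variant: unescaped dot, no boundary after the host name.
LOOSE = re.compile(r"^https?://(?:www\.)?example.com.*", re.I)


def is_blocked(referer, pattern, allow_empty=False):
    """Model `RewriteCond %{HTTP_REFERER} !pattern` followed by a blocking rule.

    allow_empty models an extra `RewriteCond %{HTTP_REFERER} !^$`, which lets
    requests that carry no Referer header through.
    """
    if referer == "" and allow_empty:
        return False
    # RewriteCond patterns are unanchored unless they use ^ or $, like search().
    return pattern.search(referer) is None


# Constructed Referer values; none come from real traffic.
SAMPLES = {
    "own page": "http://example.com/videos/",
    "own page, www + https": "https://WWW.example.com/watch?id=1",
    "other site": "http://forum.test/thread/42",
    "host that only starts with the name": "http://example.com.other.test/p",
    "dot replaced by a letter": "http://examplexcom.test/",
    "no Referer sent": "",
}


def audit(pattern, allow_empty=False):
    """Return {label: 'block' | 'allow'} for every sample value."""
    return {
        label: "block" if is_blocked(ref, pattern, allow_empty) else "allow"
        for label, ref in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, pat in (("anchored", ANCHORED), ("loose", LOOSE)):
        print(name, audit(pat))
    print("anchored + empty allowed", audit(ANCHORED, allow_empty=True))
```

With the negated condition alone, a request without any Referer header is blocked too, which also affects clients and privacy tools that strip the header.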

htaccess preventing "<script>" in url and hex script

I am working with htaccess and I want to secure my website from attacks/injections of scripts in the URL. I want to deny access to my site and record their IP address and deny them; if they run their script, it will stop it and close their browser. Is it possible? Because from experience I have been using htaccess to hide the extension name of the pages that I have made. Help with this one would really be great.
and also this code which redirects
Redirect 301 / http://www.newdomain.com
Sure, there's a way to use a .htaccess file to detect whether <script> is in the URL and redirect them if so, but hopefully that's not your only line of defense. If you start blocking <script>, then maybe they'll start using <script > or <img onload=""> or, or, or… oh dear. The point is that filtering attacks is insufficient; instead, let them submit whatever data they want (even if it appears malicious), but prevent it from doing any harm by escaping appropriately.
That said, a RewriteRule like this might do it:
RewriteRule <script> http://www.example.com/ [L,R]
To log it, you could have .htaccess not do the redirect but rather route the request to some server-side script which logged it and then redirected. Alternatively you could just filter the access log yourself.
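Filtering the access log, as suggested at the end of the answer above, could look like the following. This is an added example, not code from the answer; it assumes Apache's common/combined log format, the log lines are constructed, and a `<` or `>` in the URL is treated only as a signal for review.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Start of an Apache common/combined log line: client IP, two fields,
# [timestamp], then the quoted request line and the status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2014:13:56:01 +0000] "GET /search?q=%3Cscript%3E HTTP/1.1" 302 210',
    '203.0.113.9 - - [10/Oct/2014:13:57:12 +0000] "GET /page?name=%3Cimg%20onload=%22%22%3E HTTP/1.1" 200 4711',
    '198.51.100.7 - - [10/Oct/2014:13:58:40 +0000] "GET /search?q=<script%20> HTTP/1.1" 200 4711',
    'not a log line',
]


def flag_markup_requests(lines):
    """Return (ip, decoded_target) for requests whose URL contains < or >.

    The access log stores the request line as sent, so the target is
    percent-decoded first; otherwise %3C would slip past a plain text search.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        target = unquote(m.group("target"))
        if "<" in target or ">" in target:
            hits.append((m.group("ip"), target))
    return hits


def hits_per_ip(lines):
    """Count flagged requests per client IP, most frequent first."""
    return Counter(ip for ip, _ in flag_markup_requests(lines)).most_common()


if __name__ == "__main__":
    for ip, count in hits_per_ip(SAMPLE_LOG):
        print(ip, count)
```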

Multiple Domains to Display Content from Landing Pages on Another Domain

We have created a bunch of landing pages on a Joomla CMS system, such that the URL for each landing page is www.domain.com/page1.html and www.domain.com/page2.html, and so on. Of course the page1.html isn't really an HTML file it is a dynamic CMS page, just rewritten with htaccess.
The goal is to have one of our other domains, something like www.uniquedomain1.com show the content of www.domain.com/page1.html. Or, another domain like www.uniquedomain2.html show the content of www.domain.com/page2.html.
This needs to be search engine friendly so we can't use URL masking. Also we can't use HTACCESS redirects as this actually changes the URL in the browser bar. Need to keep the www.uniquedomain1.com URL in the browser bar.
Tried Apache VirtualHost options without any luck. You can park in a directory but not from a URL.
Ended up parking the domains on one folder, and then creating a PHP script to detect the domain host and then use CURL to query the correct url and deliver content. This whole thing seems ridiculously over complicated, and of course CURL isn't the best option, but it is all we could get to work.
Any thoughts on how to do this, or a better solution?
You can use HTACCESS redirect rules to do it without performing a redirect.
Change the HTML file names to be the domain name of the desired domain, like domain.tld, and do something like this in an .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?([a-z0-9\.-]+\.[a-z]+) [NC]
RewriteRule ^$ /%1.html [L]
A quick test of this worked for two of my test (sub)domains test.domain.tld and test2.domain.tld. Both properly redirected to files with the names test.domain.tld.html and test2.domain.tld.html without modifying the URL.
You could also just use your PHP wrapper script to grab the content of each of the miscellaneous html files and output them.
If you renamed all of your HTML files (as in my previous suggested answer) to be domain.tld.html you could do it fairly easily. Something might look like:
<?php
require($_SERVER['SERVER_NAME'] .'.html');

Can Apache configuration check cookies?

My situation:
We have a mobile version of our website, and want to start redirecting mobile users to it. The plan is to do this in Apache httpd.conf or .htaccess, using something like this:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (iPhone|Blackberry|...)
RewriteRule (.*) mobile/$1
However we want there to be a way for users to override our default action of redirecting them. One way we thought to do it was to show a link on the mobile site directing back to the regular site, and store a cookie when they use that link.
Could the Apache configuration file check a cookie before redirecting?
Is there a better way?
The HTTP_COOKIE server variable contains the cookies passed from the client to the server. You can look in there to find out what cookies have been generated by a script or module.