secure media files without http_referer - modperl

This is a discussion on secure media files without http_referer - modperl ; I want to protect my flash video from robot downloaders to save on bandwidth. I created a captcha that must be entered on the page that contains the flash ..swf which loads and plays the .flv video. The captcha is ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: secure media files without http_referer

  1. secure media files without http_referer


    I want to protect my flash video from robot downloaders to save on bandwidth.
    I created a captcha that must be entered on the page that contains the flash
    ..swf which loads and plays the .flv video. The captcha is done in a
    PerlAccessHandler. Also in Apache, I tried to place a restriction on the
    directory containing the .flv files by doing a RewriteCond on the
    HTTP_REFERER. However, there is no referer passed and I've since read that
    it can easily be spoofed. So I'm looking for a more cleaver way of
    restricting access to the flash directory, while still allowing the .swf to
    read the .flv files. So far every restriction I've put on the directory also
    prevents the videos from loading in the .swf player.

    Any ideas? Thanks.
    --
    View this message in context: http://www.nabble.com/secure-media-f...p18243032.html
    Sent from the mod_perl - General mailing list archive at Nabble.com.


  2. Re: secure media files without http_referer

    On Wed, Jul 2, 2008 at 1:41 PM, tmpusr889 wrote:
    > I created a captcha that must be entered on the page that contains the flash
    > .swf which loads and plays the .flv video. The captcha is done in a
    > PerlAccessHandler.


    Ok, and what does it do when you succeed? A cookie? A token in the
    URL? Either of those should work fine for what you're trying to do.

    - Perrin


  3. Re: secure media files without http_referer


    A cookie would certainly work, but I was trying to find something simpler. I
    don't know much about URL tokens. How would something like that work? Thanks
    for you reply.


    Perrin Harkins wrote:
    >
    > On Wed, Jul 2, 2008 at 1:41 PM, tmpusr889 wrote:
    >> I created a captcha that must be entered on the page that contains the
    >> flash
    >> .swf which loads and plays the .flv video. The captcha is done in a
    >> PerlAccessHandler.

    >
    > Ok, and what does it do when you succeed? A cookie? A token in the
    > URL? Either of those should work fine for what you're trying to do.
    >
    > - Perrin
    >
    >


    --
    View this message in context: http://www.nabble.com/secure-media-f...p18244800.html
    Sent from the mod_perl - General mailing list archive at Nabble.com.


  4. Re: secure media files without http_referer

    On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 wrote:
    > A cookie would certainly work, but I was trying to find something simpler. I
    > don't know much about URL tokens. How would something like that work?


    Redirect them to a URL with ?auth=x in it. Check the token with an
    access or authz handler.

    - Perrin


  5. Re: secure media files without http_referer

    even simpler is to rename the file every few minutes, and redirect
    them to the current name.


    On Wed, Jul 2, 2008 at 2:26 PM, Perrin Harkins wrote:
    > On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 wrote:
    >> A cookie would certainly work, but I was trying to find something simpler. I
    >> don't know much about URL tokens. How would something like that work?

    >
    > Redirect them to a URL with ?auth=x in it. Check the token with an
    > access or authz handler.
    >
    > - Perrin
    >
    >



  6. Re: secure media files without http_referer

    > On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 wrote:
    >> A cookie would certainly work, but I was trying to find something
    >> simpler. I
    >> don't know much about URL tokens. How would something like that work?

    >
    > Redirect them to a URL with ?auth=x in it. Check the token with an
    > access or authz handler.


    How about mod_auth_tkt to protect the resources, then you don't need a
    mod_perl enabled server.

    Use perlbal and redirect behind-the-scenes from a mod_perl auth-checker to
    the static resource.

    Carl


+ Reply to Thread