Mailing List Archive: ModPerl: ModPerl

secure media files without http_referer

Index | Next | Previous | View Threaded

tmpusr889 at yahoo

Jul 2, 2008, 10:41 AM

Post #1 of 6 (380 views)
Permalink

secure media files without http_referer

I want to protect my flash video from robot downloaders to save on bandwidth.
I created a captcha that must be entered on the page that contains the flash
.swf which loads and plays the .flv video. The captcha is done in a
PerlAccessHandler. Also in Apache, I tried to place a restriction on the
directory containing the .flv files by doing a RewriteCond on the
HTTP_REFERER. However, there is no referer passed and I've since read that
it can easily be spoofed. So I'm looking for a more cleaver way of
restricting access to the flash directory, while still allowing the .swf to
read the .flv files. So far every restriction I've put on the directory also
prevents the videos from loading in the .swf player.

Any ideas? Thanks.
--
View this message in context: http://www.nabble.com/secure-media-files-without-http_referer-tp18243032p18243032.html
Sent from the mod_perl - General mailing list archive at Nabble.com.

perrin at elem

Jul 2, 2008, 11:31 AM

Post #2 of 6 (359 views)
Permalink

Re: secure media files without http_referer [In reply to]

On Wed, Jul 2, 2008 at 1:41 PM, tmpusr889 <tmpusr889[at]yahoo.com> wrote:
> I created a captcha that must be entered on the page that contains the flash
> .swf which loads and plays the .flv video. The captcha is done in a
> PerlAccessHandler.

Ok, and what does it do when you succeed? A cookie? A token in the
URL? Either of those should work fine for what you're trying to do.

- Perrin

tmpusr889 at yahoo

Jul 2, 2008, 12:18 PM

Post #3 of 6 (353 views)
Permalink

Re: secure media files without http_referer [In reply to]

A cookie would certainly work, but I was trying to find something simpler. I
don't know much about URL tokens. How would something like that work? Thanks
for you reply.

Perrin Harkins wrote:
>
> On Wed, Jul 2, 2008 at 1:41 PM, tmpusr889 <tmpusr889[at]yahoo.com> wrote:
>> I created a captcha that must be entered on the page that contains the
>> flash
>> .swf which loads and plays the .flv video. The captcha is done in a
>> PerlAccessHandler.
>
> Ok, and what does it do when you succeed? A cookie? A token in the
> URL? Either of those should work fine for what you're trying to do.
>
> - Perrin
>
>

--
View this message in context: http://www.nabble.com/secure-media-files-without-http_referer-tp18243032p18244800.html
Sent from the mod_perl - General mailing list archive at Nabble.com.

perrin at elem

Jul 2, 2008, 12:26 PM

Post #4 of 6 (351 views)
Permalink

Re: secure media files without http_referer [In reply to]

On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 <tmpusr889[at]yahoo.com> wrote:
> A cookie would certainly work, but I was trying to find something simpler. I
> don't know much about URL tokens. How would something like that work?

Redirect them to a URL with ?auth=x in it. Check the token with an
access or authz handler.

- Perrin

davidnicol at gmail

Jul 2, 2008, 1:23 PM

Post #5 of 6 (348 views)
Permalink

Re: secure media files without http_referer [In reply to]

even simpler is to rename the file every few minutes, and redirect
them to the current name.

On Wed, Jul 2, 2008 at 2:26 PM, Perrin Harkins <perrin[at]elem.com> wrote:
> On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 <tmpusr889[at]yahoo.com> wrote:
>> A cookie would certainly work, but I was trying to find something simpler. I
>> don't know much about URL tokens. How would something like that work?
>
> Redirect them to a URL with ?auth=x in it. Check the token with an
> access or authz handler.
>
> - Perrin
>
>

modperl at fadetoblack

Jul 7, 2008, 9:13 AM

Post #6 of 6 (306 views)
Permalink

Re: secure media files without http_referer [In reply to]

> On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 <tmpusr889[at]yahoo.com> wrote:
>> A cookie would certainly work, but I was trying to find something
>> simpler. I
>> don't know much about URL tokens. How would something like that work?
>
> Redirect them to a URL with ?auth=x in it. Check the token with an
> access or authz handler.

How about mod_auth_tkt to protect the resources, then you don't need a
mod_perl enabled server.

Use perlbal and redirect behind-the-scenes from a mod_perl auth-checker to
the static resource.

Carl

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com