View Full Version : Prevent direct file download

06-12-2011, 08:38 PM
Hi all,
I have some problems with a PHP site that includes some FLV files in a video player.

I'd like to avoid people downloading the videos by typing the url by hand (ex. http://mysite.com/video/vidTitle.flv), but at the same time, I need the same url to be accessed by the video player on my PHP page.
This video player uses an anchor tag: <a href="/video/vidTitle.flv">...</a>

How can I avoid the direct download from the address bar?

07-09-2011, 09:33 AM
I believe a request for an asset appearing on a page has a HTTP_REFERER flag of your site, so one option would be to check against that and send a forbidden response if it's not your site.

RewriteCond %{HTTP_REFERER} !www.yourdomain.com
RewriteRule \.flv$ - [F]

This should also stop other sites from hotlinking your assets and using up your bandwidth. It's not a perfectly solution, as there are still ways for somebody to download the file, but it should suffice for most cases.