On one of my sites, wiredcd.itallconnects.com, I'm offering the wiredCD for download. It's pretty bandwidth intensive, so I enabled hotlink protection from cpanel.

When a user in windows clicks one of the links, it automatically starts playing in WMP. If I don't allow direct requests, it breaks this functionality so I do allow direct requests.

Now I see a site is offering a playlist to my files, so the playlist is downloaded from their site and then the user's mp3 player makes a direct request to my site and starts downloading/playing. The users don't even know they're eating up my bandwidth, and one person has already used about 2.5 times the size of the whole CD.

Is there a way I can prevent this from happening while not interfering with people from playing the songs directly from my site?

Thanks,

Jason

http://www.htmlbasix.com/disablehotlinking.shtml

Thanks, but that's what I'm already doing.

The problem is that I want to allow people who follow a direct link from my site to automatically load the url into another program and stream it through there. The server sees that at a direct request.

At the same time, I don't want to allow the player to get the direct link from another site and then stream it from my site.

Jason

RewriteCond %{HTTP_REFERER}^http://www.that.another.website/.*$
RewriteRule .*\.(file|extensions)$ http://www.google.com [R,NC]



something like this ??

Disable hotlinking, and tell them to right click and "Save Target".

You can also use a PHP file to force a download of the file, or something similar. Another thing you could do is use Apache's .htaccess files to password protect the directory and then you can require users to sign up, and then it generates a username and password for them.

Originally posted by Sheps
You can also use a PHP file to force a download of the file, or something similar.
i dont think so ... whats the different for users if they download file first or open it directly ... beside in many cases it will open directly even if header will order to save file (at least i noticed such unusual behavior on my website - i had to change content-type to something that doesnt exists because Content-Disposition: attachment; filename="lala" was not enough)
it could be good idea if you will ask to write text from some images first :) (my english is poor but im sure u know what im talking about)


Another thing you could do is use Apache's .htaccess files to password protect the directory and then you can require users to sign up, and then it generates a username and password for them.
it could be bypassed
one user will register and then he can provide links with user/pass already - even if you delete him then he can create new account again and again .....

use php to generate a unique link that is only valid for a time period (5-10 minutes) ie file.php?get=movieasdsjasdfsag634.avi then you could use .htaccess to rewrite the request to mysite.com/file/movieasdsjasdfsag634.avi

Originally posted by jmcgon
use php to generate a unique link that is only valid for a time period (5-10 minutes) ie file.php?get=movieasdsjasdfsag634.avi then you could use .htaccess to rewrite the request to mysite.com/file/movieasdsjasdfsag634.avi

but then u have to update .htaccess or some database (would be easier) all the time
so it is really nice solution but i think for small websites
for big websites with hundred of thousands movies you can just kill your server with it :)
also your example is not good - should rewrite request to move.avi not to movieasdsjasdfsag634.avi - otherwise you will have to move each .avi fille everytime you change link and this will kill your server even if you have small website :D