Results 1 to 4 of 4
  1. #1
    Join Date
    Feb 2008

    Disabling direct download

    I have a website which has a FLV player serving .flv files which are hosted in the server. I notice that some users are directly downloading the files using the direct URL and they seem to be using download managers for that which is opening several Apache connections and open slows down Apache. I want to prevent this. I thought of preventing it using a .htaccess file but did not help. This is what I used:

    <Files *>
    order allow,deny
    allow from
    allow from localhost
    deny from all

    I thought this would work but it doesn't as it is blocking the FLV player from playing the file. Can anyone tell me the right way to do it?

  2. #2
    Join Date
    Feb 2002
    Not sure if this will work or not...

    Options +FollowSymLinks
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com [NC]
    RewriteRule \.(flv)$ - [F]
    Replace with your domain name.

  3. #3
    Join Date
    Feb 2008
    The file is accessible directly with that code in .htaccess

  4. #4
    Join Date
    Feb 2005
    When the flash player opens a .flv video for one of your visitors, it's downloading the file just like a download manager does. The user-agent and referrer strings may be different but these are trivial to fake. If someone is hotlinking your files from another website then WoodIE55's code above should block their visitors from simply clicking to download, but it's practically impossible to stop someone deliberately bypassing your player and downloading the file if they know what they're doing. Adobe, with all their resources, have so far failed to do this for high-profile clients like the BBC (Google "Adobe rtmpdump").

    If you just want to block multi-threaded downloads and limit each IP to a single connection, that should be possible - ask the experts here about specific firewall rules. I think you may need to put the .flv downloads on a different IP address though to avoid slowing down your website.

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

Similar Threads

  1. prevent direct file download but allow php download via htaccess
    By yohanesw in forum Programming Discussion
    Replies: 3
    Last Post: 01-18-2009, 03:15 PM
  2. Help with disabling direct root login
    By hbhb in forum Hosting Security and Technology
    Replies: 19
    Last Post: 04-17-2008, 11:27 AM
  3. Disabling Download: Allow Script Access?
    By tonten in forum Programming Discussion
    Replies: 2
    Last Post: 11-07-2006, 08:23 PM
  4. How do I prevent direct file download
    By sllik in forum Hosting Security and Technology
    Replies: 3
    Last Post: 01-05-2005, 06:23 AM
  5. Disabling Download Managers
    By Blueheaven in forum Programming Discussion
    Replies: 5
    Last Post: 12-10-2004, 07:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts