Order Now AdSolution Sign Up | Login » Bits on the Run Sign Up | Login »

Forums

JW Player
/
Setup Issues and Embedding

Stop Hotlinking From *ALL* Other Site's SWF Files

8 replies [Last post]
Posted: Fri, 2008-05-23 21:48 Paul R.
Anonymous's picture

I can use a .htaccess file to prevent other sites from hotlinking to my media files through conventional means, but they can still hotlink via an SWF file, such as a Flash player. How can I prevent ALL other sites from hotlinking through SWF files (not just Jeroen's, but all of them)?

I first found out about this type of hotlinking when one of my files was hotlinked by Playlist.com. I've set up my own page to test it out for myself (and to also know when a "cure" works): http://1shop.bravehost.com/222.htm

I'm testing out a few different hotlinking methods on this test page. The SWF hotlinking test is at the bottom, right below the "MP3" text.

On this test page, I have a SWF on another site (1shop.bravehost.com) linking to an MP3 on my Ghostbusters site (www.ecto-web.org/~spookcentral/) and as you can see, there's no problem playing the MP3, though a direct link to the same MP3 is rightfully denied.

Ideally I'd like to find a cure that not only works with Playlist.com, but I'd want to set it up so that it would prevent ALL sites that aren't mine for hotlinking to my media files through ANY means.

Posted: Fri, 2008-05-23 23:44 chaz  
chaz's picture

best way is to change the folder name and not allow a folder scan. Draw back is u need to change the playlist url's

prevent a folder scan on your directories.

the flash player hides the underlining URLs

Posted: Tue, 2008-05-27 15:55 Paul R.  
Paul R.'s picture

I don't understand what you mean by a "folder scan". Besides, all of my media files are in the same directory as my html files.

Posted: Fri, 2008-05-30 13:16 Paul R.  
Paul R.'s picture

So, can anyone explain if it's possible to stop the hotlinking from other site's SWF files?

Posted: Mon, 2008-06-16 04:43 JeroenW  
JeroenW's picture

I haven't seen a way to do this yet...

Posted: Wed, 2008-10-15 00:59 Mario Bernheim  
Mario Bernheim's picture

http://www.jeroenwijering.com/?thread=13350

Posted: Fri, 2008-11-07 17:27 Matt Montag  
Matt Montag's picture

I would follow chaz's advice; disable directory indexing in your htaccess and move stuff from its current location to kill those existing links is the best option.
I played around with .htaccess because there really should be a pattern in the HTTP Request headers originating from Playlist.com and other SWF leechers, but it was difficult to test so I just went with the simple technique chaz described.

Posted: Sat, 2010-01-16 09:11 Jerjzu  
Jerjzu's picture

I know that this is an old thread but I see that there is no answer so I would like to add one here, only because I must.

Use a .htaccess file that stops the hotlinking of images and add the swf extension to the code in the .htaccess file. This does work if your browsers cache is clear of any previously loaded swiff files, it does not replace the swiff it only stops it from being uploaded.

# Use this .htaccess code
#
# Prevent hotlinking of my images and swiffs
#
RewriteEngine On
#
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://Your IP Address Here/.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com/.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com.au/.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com.au/.* [NC]
RewriteRule .*\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|bmp|png|gif|swf)$ http://www.yoursite.com.au/images/nohotlink.gif [R=302,L]
#

Two - you can use javascript on your page to see if the php or html is being displayed via a frame not of your own:- like

if(top.location.host == ("www.yoursite.com.au")){
// Accept //
}else if(window != top){
// Reject //
}else if(top.frames.length > 0){
// Reject //
}else{
// Accept //
}

There are more ways to help you secure your swiff files but I wish not to give out all my secrets.

Good Luck to you all and don’t give up because there is always a solution to any problem you have -
it just needs thought.

Posted: Fri, 2010-05-14 04:30 nikko  
nikko's picture

A htaccess file will not have any control over video files as they dont send any header information. Joomla users can protect their files using a simple free script on my site here:
www.southwesthosting.co.uk

  • Locked