secure media files without http_referer

on 02.07.2008 19:41:28 by tmpusr889

I want to protect my flash video from robot downloaders to save on bandwidth.
I created a captcha that must be entered on the page that contains the flash
.swf which loads and plays the .flv video. The captcha is done in a
PerlAccessHandler. Also in Apache, I tried to place a restriction on the
directory containing the .flv files by doing a RewriteCond on the
HTTP_REFERER. However, there is no referer passed and I've since read that
it can easily be spoofed. So I'm looking for a more clever way of
restricting access to the flash directory, while still allowing the .swf to
read the .flv files. So far every restriction I've put on the directory also
prevents the videos from loading in the .swf player.

Any ideas? Thanks.
--
View this message in context: http://www.nabble.com/secure-media-files-without-http_referer-tp18243032p18243032.html
Sent from the mod_perl - General mailing list archive at Nabble.com.

Re: secure media files without http_referer

on 02.07.2008 20:31:57 by Perrin Harkins

On Wed, Jul 2, 2008 at 1:41 PM, tmpusr889 wrote:
> I created a captcha that must be entered on the page that contains the flash
> .swf which loads and plays the .flv video. The captcha is done in a
> PerlAccessHandler.

Ok, and what does it do when you succeed? A cookie? A token in the
URL? Either of those should work fine for what you're trying to do.

- Perrin

Re: secure media files without http_referer

on 02.07.2008 21:18:13 by tmpusr889

A cookie would certainly work, but I was trying to find something simpler. I
don't know much about URL tokens. How would something like that work? Thanks
for your reply.


Perrin Harkins wrote:
>
> On Wed, Jul 2, 2008 at 1:41 PM, tmpusr889 wrote:
>> I created a captcha that must be entered on the page that contains the
>> flash
>> .swf which loads and plays the .flv video. The captcha is done in a
>> PerlAccessHandler.
>
> Ok, and what does it do when you succeed? A cookie? A token in the
> URL? Either of those should work fine for what you're trying to do.
>
> - Perrin
>
>


Re: secure media files without http_referer

on 02.07.2008 21:26:18 by Perrin Harkins

On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 wrote:
> A cookie would certainly work, but I was trying to find something simpler. I
> don't know much about URL tokens. How would something like that work?

Redirect them to a URL with ?auth=x in it. Check the token with an
access or authz handler.

- Perrin
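
One way the ?auth=x token suggested above could be built and checked, as an added example that is not part of the original thread or any poster's code. The names make_token, check_token, $SECRET and $TTL, the token layout (expiry plus HMAC-SHA256) and the sample path are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: expiring, path-bound HMAC token for the ?auth=x scheme.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret known to the captcha handler and the
# access handler. Placeholder value; load the real one from configuration.
my $SECRET = 'REPLACE-WITH-RANDOM-SECRET';
my $TTL    = 300;    # seconds a token stays valid (constructed value)

# Called once the captcha has been solved: returns the value for ?auth=
sub make_token {
    my ($path, $now) = @_;
    my $expires = $now + $TTL;
    # Bind the MAC to the path so a token for one file does not open another.
    return $expires . '-' . hmac_sha256_hex("$path\n$expires", $SECRET);
}

# Called by the access handler for each request to a protected file.
sub check_token {
    my ($path, $token, $now) = @_;
    return 0 unless defined $token
        && $token =~ /\A(\d{1,12})-([0-9a-f]{64})\z/;
    my ($expires, $mac) = ($1, $2);
    return 0 if $expires < $now;    # token has expired
    my $expected = hmac_sha256_hex("$path\n$expires", $SECRET);
    # Compare every character so timing does not reveal a partial match.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. 63;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample run: one valid request and three that must be refused.
my $now   = 1215026778;
my $path  = '/flash/video1.flv';
my $token = make_token($path, $now);
(my $forged = $token) =~ s/.\z/0/ or die;
$forged = substr($token, 0, -1) . '1' if $forged eq $token;

printf "%-22s %d\n", 'valid token:',   check_token($path, $token, $now + 10);
printf "%-22s %d\n", 'expired token:', check_token($path, $token, $now + $TTL + 1);
printf "%-22s %d\n", 'other file:',    check_token('/flash/video2.flv', $token, $now + 10);
printf "%-22s %d\n", 'altered MAC:',   check_token($path, $forged, $now + 10);
```

Inside a PerlAccessHandler the path would come from `$r->uri` and the token from the query string in `$r->args`, with the handler refusing the request whenever check_token returns 0.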

Re: secure media files without http_referer

on 02.07.2008 22:23:19 by David Nicol

Even simpler is to rename the file every few minutes, and redirect
them to the current name.


On Wed, Jul 2, 2008 at 2:26 PM, Perrin Harkins wrote:
> On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 wrote:
>> A cookie would certainly work, but I was trying to find something simpler. I
>> don't know much about URL tokens. How would something like that work?
>
> Redirect them to a URL with ?auth=x in it. Check the token with an
> access or authz handler.
>
> - Perrin
>
>

Re: secure media files without http_referer

on 07.07.2008 18:13:40 by Carl Johnstone

> On Wed, Jul 2, 2008 at 3:18 PM, tmpusr889 wrote:
>> A cookie would certainly work, but I was trying to find something
>> simpler. I
>> don't know much about URL tokens. How would something like that work?
>
> Redirect them to a URL with ?auth=x in it. Check the token with an
> access or authz handler.

How about mod_auth_tkt to protect the resources, then you don't need a
mod_perl enabled server.

Use perlbal and redirect behind-the-scenes from a mod_perl auth-checker to
the static resource.

Carl