Flowplayer Anti-leeching![]() Rob A's (Im)personal Blog.![]() |
(Im)Personal Menu(Im)Personal Sunlight
(Im)Personal Articles(Im)Personal Old StuffBlog Administration |
Friday, February 23. 2007While looking for a There are lots of sites that describe how to convert video to FLV. Some methods free, some are very pricy, and some are better than others. Find one that is easy and that you like. My next focus was playing the video. I found a few options like Jeroen Wijering's player but finally settled on FlowPlayer for a number of reasons. It supports playlists, will slideshow images, and is easily skinnable. Most importantly for me, was the claim that is supports prevention of inline linking also known as Leeching. This is when other sites directly link to content on your site, so you pay the bandwidth but they get the views. A sample (standard video test pattern bars and test tone) to demonstrate: Here is how I implemented anti-leeching as demonstrated... According to the documentation:
I could not find any good references online on how to actually implement this, so I figured I'd steal from myself and copy some work I had done earlier to watermark the images on my web site. The basic idea was as follows... Create a php handler for all .flv files in a directory and use .htaccess to rewrite the requests to it. This php file would do the check against the auth code as well as updating it, at minimum, every 60 seconds. The .htaccess fileHere is the .htaccess file I created for the directory where the flv files and the Flowplayer script are located
This simply takes any requests for .flv files and passes the file URL as a parameter to the flvloader script. The flvloader.php fileHere is the handler file:
This simply checks how old the auth code file is, and updates the code with a hash of itself (for the next load) if the stale value has been exceeded. Note that the web server process bust be able to read/write the auth file. The authorization code then checks if the code string in the authorization file is in the the filename passed by the Flowplayer script. If so it strips it off and returns the file (if it exists). It sets up some of the header attributes of the file: the mime type, the length and flags it as not-cacheable. Embedding it on the page hereJust so you have the complete package, here is the syntax of the called Flowplayer object I used.
Pretty simple. Because of the way my blog performs URL translation, I had to provide some full path information to the player. Additionally, as I wanted a "click to play" displayed at the start, I used it once as a still, then again at the end of the playlist. This let the playlist rewind itself and be ready for another click to play the video. The only problem I have is with browser caching. Sometimes the Flowplayer gets cached and uses an expired authorization code. This could be minimized by changing the authorization code expiration time, if desired. SecurityThis method will not stop a person from downloading the flv file but it does a good job of stoping an external site from hotlinking directly to the flv file, or even from hotlinking to the Flowplayer object and running it off your site (eating up your bandwidth). Here is a direct link to the flv file barsandtone.flv that will NOT return the flv file because of the htaccess handler. That's it! If you found this useful or have any comments, as always, use the form.
Posted by Rob A
in The Web
at
03:29
| Comments (11)
| Trackback (1)
Defined tags for this entry: The Web
Comments
Display comments as
(Linear | Threaded)
Hi, I tested this page in IE6.0 and FF2.0
but, I can't play demo video again in FF2.0 So, I checked http header, response is 404. when i clicked play button.
Yeah-
This is a problem of local caching and timing. Currently, the script is set up to to change the code once per minute. That means that if you watch the video then come back more than a minute later you may be requesting it with the old code. Even though I have it set to sent no-cache headers, and an expiry date in the past. It might be the applet that is doing the caching...I haven't figured that out yet ![]() The likelihood of this can be be minimized by increasing the code change interval, but that then increases the time it will be available. As the whole point of this is anti-leeching, setting it even as high as 30 minutes should eliminate the issue almost completely, while still preventing long term hot-linking. Thinking about it, another option would be to have a quick "the link to this video is outdated" clip that is substituted in place of the real one, rather than returning a 404....
#1.1
Rob A
on
2007-03-09 15:02
This means if user clicks the player after 1 minute, since user may be reading the content. The video may not get played since the auth code on server will not match with one on local cache.
That's right. I have the timeout set to one minute for the purpose of this demonstration. In reality, you would set it much higher (as long as a person would be expected to sit on one page).
#1.2.1
Rob A
on
2007-05-23 13:04
Any chance I can get some help with this? I have no idea how to use it? I've tried plugging the code in and it doesn't seem to be working?
Thanks
#2
Sebass
on
2007-12-12 01:53
Yes FLV is really cool and easy on mem but with realplayer you can easily download the video
Justin - thanks for the comment. The point of this is not to prevent downloading (which cannot be prevented...if you can watch something you can capture the stream and download it!) The point is to prevent hotlinking from foreign websites so they serve up your content, chewing up your bandwidth while benefiting from views.
#3.1
Rob A
on
2008-03-24 14:34
Thank you, your code is really useful for prevent hotlinking of flv file, but how can I use it to stream mp3 file instead? I'm trying to replace flv to mp3 and it didn't work for me
![]()
#4
ly
on
2008-06-08 05:21
I've never tried mp3 file, but I would think changing/adding the htaccess redirect to mp3 files and rewriting the handler (flvloader.php) to return mp3 headers along with the mp3 file should do the trick.
#4.1
Anonymous
on
2008-06-08 15:02
Excelent job. But I would like to know how to implement on the code without playlist, with a single flv embed. How to set "protected" in a single embed file?
can somebody give me a light? some case online? thank you masters.
#5
Flávio
on
2008-08-02 19:10
Even though this is old I thought I would post my solution to the authfile caching.
I used php to generate my video index page and included this code in the html. authFileName: 'flowplayer_auth.txt?< ?php echo rand(); ?>', (Note- Remove the space between < and ?php.) The php code adds a random dummy variable to the end of the file name making it unique. So even if it is cached locally it will be reloaded next time a user visits. The variable has no effect on the file.
#6
Bubba
on
2008-11-29 01:18
Add Comment
|
(Im)Personal CommentsTue, 28.06.2016 04:48
Tue, 28.06.2016 03:57
Tue, 28.06.2016 02:46
(Im)Personal TagsQuicksearch |
FlowPlayer supports prevention of inline linking also known as leeching. Rob has written about his experiences implementing this on the server side using PHP. Includes a demo and some sample code! technorati tags:flash, flv, php, inline, linking
Tracked: Feb 25, 10:11