You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Dan Poirier <po...@pobox.com> on 2009/03/20 14:11:12 UTC
[users@httpd] Re: how to prevent mp3 downloading ?
"J. Bakshi" <jo...@infoservices.in> writes:
> Eric Covener wrote:
>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>>
>>> Dear list,
>>>
>>> I have a .htaccess ( copied from the some tutorials available in
>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>> and I have tested that these tools are not able to download anything
>>> from my site. nice so far. But If I put the mp3 link available at my
>>> site directly in the browser then browser download the mp3. it is also
>>> true for images. How can I prevent this ?
>>>
>>>
>>
>> You could use mod_rewrite to make sure the referer is set to something
>> you expect, but it's still going to ultimately be downloadable.
>>
>>
> Please suggest what else I can do.
> Please
Please explain what you're trying to do. It sounds like you just don't
want anyone to download your files, but the solution to that is easy -
don't put them on your server.
Dan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by "J. Bakshi" <jo...@infoservices.in>.
André Warnier wrote:
> J. Bakshi wrote:
>>
>> Any idea how to prevent it ?
>>
> In simple words, and as many people on this list have tried to tell
> you already : NO. NO like "there is no way to prevent it".
>
>
> Have a look at the wget and curl "--user-agent" command-line options,
> and try them with your pages.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Thanks for this clue.
It is really helpful.
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by André Warnier <aw...@ice-sa.com>.
J. Bakshi wrote:
>
> Any idea how to prevent it ?
>
In simple words, and as many people on this list have tried to tell you
already : NO. NO like "there is no way to prevent it".
The fundamental idea here is : if you give some information away from
your web server to a web browser, then it is given, and you can't take
it back. You can try to hide it, disguise it, obfuscate it, but in the
end the browser has it, so the user has it, and there is nothing you can
do about it.
Someone else wrote : if you don't want the user to be able to download
something from your server, then do not put it there.
That is true.
The only way to do something that resembles what you want, would be to
require the usage, at the user side, of a special "playback agent" that
they download from your site in advance, and which talks to your server
in some encrypted way. But even then, whatever that plugin exchanges
with your server still circulates between the browser and the server on
the Internet, and a sufficiently motivated user can record what happens,
analyse it, reproduce it, etc..
Just to press the point : you mention that you done things in your
.htaccess to prevent people to download stuff using curl, wget etc..
That's an illusion. The htaccess (or any other similar method supposed
to exclude some remote agents) works only on the base of some
information that the user-agent provides to the server (look up the
User-Agent HTTP header). If the user changes that header, then your
htaccess will be fooled.
Have a look at the wget and curl "--user-agent" command-line options,
and try them with your pages.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by Octavian Rasnita <or...@gmail.com>.
From: "J. Bakshi" <jo...@infoservices.in>
To: <us...@httpd.apache.org>> Dan Poirier wrote:
>> "J. Bakshi" <jo...@infoservices.in> writes:
>>
>>
>>> Eric Covener wrote:
>>>
>>>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>>>>
>>>>
>>>>> Dear list,
>>>>>
>>>>> I have a .htaccess ( copied from the some tutorials available in
>>>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>>>> and I have tested that these tools are not able to download anything
>>>>> from my site. nice so far. But If I put the mp3 link available at my
>>>>> site directly in the browser then browser download the mp3. it is also
>>>>> true for images. How can I prevent this ?
>>>>>
>>>>>
>>>>>
>>>> You could use mod_rewrite to make sure the referer is set to something
>>>> you expect, but it's still going to ultimately be downloadable.
>>>>
>>>>
>>>>
>>> Please suggest what else I can do.
>>> Please
>>>
>>
>> Please explain what you're trying to do. It sounds like you just don't
>> want anyone to download your files, but the solution to that is easy -
>> don't put them on your server.
>>
>
> Ok, Here I am trying to give you all a more detailed view. At my site
> there are a no. of pages where flash plugins are installed which plays
> mp3 songs online. The .htaccess has all the site grabber as banned. So
> the site can't be grabbed with curl, wget , httrac etc......
That "protection" is not a protection at all. It is very easy to create an HTTP client with perl and set it to use the same user agent as Firefox or Internet Explorer, to set the referer you want, to send/receive/store cookies... do everything a browser does.
> But if you view the page source, you can see the link of the mp3 file.
> As example http://mydomain.com/folder1/song1.mp3 and if you just put
> this link in your browser, it simply give you the "save as" option and
> you can save it with out any trouble. This simply bypass the .htaccess
> restriction and I like to prevent this.
You can't prevent this.
If you could, then the Flash wouldn't be able to download the mp3 file in order to play it.
Some sites like YouTube don't put a direct link to the mp3 file, but to another program that checks some things like the user agent, the referer, and maybe other things, and that program offers the content of the mp3 file.
But as you may know, there are very many programs that can be used to download files from YouTube.
Octavian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by "J. Bakshi" <jo...@infoservices.in>.
Dan Poirier wrote:
> "J. Bakshi" <jo...@infoservices.in> writes:
>
>
>> Eric Covener wrote:
>>
>>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>>>
>>>
>>>> Dear list,
>>>>
>>>> I have a .htaccess ( copied from the some tutorials available in
>>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>>> and I have tested that these tools are not able to download anything
>>>> from my site. nice so far. But If I put the mp3 link available at my
>>>> site directly in the browser then browser download the mp3. it is also
>>>> true for images. How can I prevent this ?
>>>>
>>>>
>>>>
>>> You could use mod_rewrite to make sure the referer is set to something
>>> you expect, but it's still going to ultimately be downloadable.
>>>
>>>
>>>
>> Please suggest what else I can do.
>> Please
>>
>
> Please explain what you're trying to do. It sounds like you just don't
> want anyone to download your files, but the solution to that is easy -
> don't put them on your server.
>
Ok, Here I am trying to give you all a more detailed view. At my site
there are a no. of pages where flash plugins are installed which plays
mp3 songs online. The .htaccess has all the site grabber as banned. So
the site can't be grabbed with curl, wget , httrac etc......
But if you view the page source, you can see the link of the mp3 file.
As example http://mydomain.com/folder1/song1.mp3 and if you just put
this link in your browser, it simply give you the "save as" option and
you can save it with out any trouble. This simply bypass the .htaccess
restriction and I like to prevent this.
Any idea how to prevent it ?
thanks
> Dan
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org