You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "J. Bakshi" <jo...@infoservices.in> on 2009/03/20 12:16:22 UTC
[users@httpd] how to prevent mp3 downloading ?
Dear list,
I have a .htaccess ( copied from the some tutorials available in
internet ) to disable site grabbers like wget, curl, httrack etc.......
and I have tested that these tools are not able to download anything
from my site. nice so far. But If I put the mp3 link available at my
site directly in the browser then browser download the mp3. it is also
true for images. How can I prevent this ?
Kindly suggest.
Thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by "J. Bakshi" <jo...@infoservices.in>.
Bruno - e-comBR wrote:
> You can difficult it to be downloaded in massive way by automated
> scripts to prevent somebody doing massive download if you want.
>
> But, preventing the downloading and allowing it at the same time is
> impossible. You have two options: allow or deny.
>
> Allowing the download only for a certain user-agent don't prevent the
> downloading. There are many softwares which detects the URLs inserted
> in flash files(try to simple download a SWF file and run strings
> filename.swf|grep '://'). Then, the software can also try
> automatically many user-agents to get it... Or do you think you cannot
> save YouTube's movies?? (but, of course, it violates their rights, so
> don't do it)
>
> Back to the topic, you should use a dynamic script which checks for
> some "allowing cookie" to let you download it once. This cookie should
> be generated in a page loaded before the downloading page. The page
> which generates the cookie should ask for typing the content on a image.
>
> So, your download can, IF THE AUTOMATED SCRIPT CAN'T BYPASS THIS, be
> downloaded once a time. Of course, there's a cost: HTTP connection
> errors. On problems, your visitant will need to go back e do the
> boring proccess again...
>
> If you want "less unprotection" you need to pay by it, making your
> site a burocratic sheet.
>
> []'s
>
>
>
> 2009/3/23 Brian Mearns <mearns.b@gmail.com <ma...@gmail.com>>
>
> On Mon, Mar 23, 2009 at 6:17 AM, Matus UHLAR - fantomas
> <uhlar@fantomas.sk <ma...@fantomas.sk>> wrote:
> > On 20.03.09 16:46, J. Bakshi wrote:
> >> I have a .htaccess ( copied from the some tutorials available in
> >> internet ) to disable site grabbers like wget, curl, httrack
> etc.......
> >> and I have tested that these tools are not able to download
> anything
> >> from my site. nice so far. But If I put the mp3 link available
> at my
> >> site directly in the browser then browser download the mp3. it
> is also
> >> true for images. How can I prevent this ?
> >
> > Move them out of DocumentRoot. If the file is availabele via
> HTTP, it can be
> > fetched using HTTP, no matter how you call it.
> > You can only make it harder by checking User-Agent for known
> strings,
> > clients may not provide it, nor they have to tell the truth.
> > You can make them available only for streaming, but that won't
> stop form
> > downloading the content too.
> > --
> > Matus UHLAR - fantomas, uhlar@fantomas.sk
> <ma...@fantomas.sk> ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> > Save the whales. Collect the whole set.
>
> The closest thing to what you want to do is to actually embed the
> audio data in some way in the flash movie itself and have your flash
> player understand how to parse it and turn it into playback audio.
> This is probably a significant undertaking and ultimately, the audio
> data is still going to client so they can, at worst, record the
> "what-you-hear" stream on their system to an audio file and, at best,
> figure out how to extract the audio data from the flash movie.
>
> My best suggestion is the same one I would offer to the record
> companies and musicians: if you want people to hear it, give it to
> them unrestricted.
>
Thanks a lot for your suggestion.
>
> -Brian
>
> --
> Feel free to contact me using PGP Encryption:
> Key Id: 0x3AA70848
> Available from: http://pgp.mit.edu/
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
>
>
>
>
> --
> Bruno Moreira Guedes <bruno@e-combr.com.br <ma...@e-combr.com.br>>
> e-comBR - Depto. Infra-Estrutura
> Fone: (049) 3328-4065
> Chapecó-SC
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by Bruno - e-comBR <br...@e-combr.com.br>.
You can difficult it to be downloaded in massive way by automated scripts to
prevent somebody doing massive download if you want.
But, preventing the downloading and allowing it at the same time is
impossible. You have two options: allow or deny.
Allowing the download only for a certain user-agent don't prevent the
downloading. There are many softwares which detects the URLs inserted in
flash files(try to simple download a SWF file and run strings
filename.swf|grep '://'). Then, the software can also try automatically many
user-agents to get it... Or do you think you cannot save YouTube's movies??
(but, of course, it violates their rights, so don't do it)
Back to the topic, you should use a dynamic script which checks for some
"allowing cookie" to let you download it once. This cookie should be
generated in a page loaded before the downloading page. The page which
generates the cookie should ask for typing the content on a image.
So, your download can, IF THE AUTOMATED SCRIPT CAN'T BYPASS THIS, be
downloaded once a time. Of course, there's a cost: HTTP connection errors.
On problems, your visitant will need to go back e do the boring proccess
again...
If you want "less unprotection" you need to pay by it, making your site a
burocratic sheet.
[]'s
2009/3/23 Brian Mearns <me...@gmail.com>
> On Mon, Mar 23, 2009 at 6:17 AM, Matus UHLAR - fantomas
> <uh...@fantomas.sk> wrote:
> > On 20.03.09 16:46, J. Bakshi wrote:
> >> I have a .htaccess ( copied from the some tutorials available in
> >> internet ) to disable site grabbers like wget, curl, httrack etc.......
> >> and I have tested that these tools are not able to download anything
> >> from my site. nice so far. But If I put the mp3 link available at my
> >> site directly in the browser then browser download the mp3. it is also
> >> true for images. How can I prevent this ?
> >
> > Move them out of DocumentRoot. If the file is availabele via HTTP, it can
> be
> > fetched using HTTP, no matter how you call it.
> > You can only make it harder by checking User-Agent for known strings,
> > clients may not provide it, nor they have to tell the truth.
> > You can make them available only for streaming, but that won't stop form
> > downloading the content too.
> > --
> > Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> > Save the whales. Collect the whole set.
>
> The closest thing to what you want to do is to actually embed the
> audio data in some way in the flash movie itself and have your flash
> player understand how to parse it and turn it into playback audio.
> This is probably a significant undertaking and ultimately, the audio
> data is still going to client so they can, at worst, record the
> "what-you-hear" stream on their system to an audio file and, at best,
> figure out how to extract the audio data from the flash movie.
>
> My best suggestion is the same one I would offer to the record
> companies and musicians: if you want people to hear it, give it to
> them unrestricted.
>
> -Brian
>
> --
> Feel free to contact me using PGP Encryption:
> Key Id: 0x3AA70848
> Available from: http://pgp.mit.edu/
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Bruno Moreira Guedes <br...@e-combr.com.br>
e-comBR - Depto. Infra-Estrutura
Fone: (049) 3328-4065
Chapecó-SC
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by Brian Mearns <me...@gmail.com>.
On Mon, Mar 23, 2009 at 6:17 AM, Matus UHLAR - fantomas
<uh...@fantomas.sk> wrote:
> On 20.03.09 16:46, J. Bakshi wrote:
>> I have a .htaccess ( copied from the some tutorials available in
>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>> and I have tested that these tools are not able to download anything
>> from my site. nice so far. But If I put the mp3 link available at my
>> site directly in the browser then browser download the mp3. it is also
>> true for images. How can I prevent this ?
>
> Move them out of DocumentRoot. If the file is availabele via HTTP, it can be
> fetched using HTTP, no matter how you call it.
> You can only make it harder by checking User-Agent for known strings,
> clients may not provide it, nor they have to tell the truth.
> You can make them available only for streaming, but that won't stop form
> downloading the content too.
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Save the whales. Collect the whole set.
The closest thing to what you want to do is to actually embed the
audio data in some way in the flash movie itself and have your flash
player understand how to parse it and turn it into playback audio.
This is probably a significant undertaking and ultimately, the audio
data is still going to client so they can, at worst, record the
"what-you-hear" stream on their system to an audio file and, at best,
figure out how to extract the audio data from the flash movie.
My best suggestion is the same one I would offer to the record
companies and musicians: if you want people to hear it, give it to
them unrestricted.
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 20.03.09 16:46, J. Bakshi wrote:
> I have a .htaccess ( copied from the some tutorials available in
> internet ) to disable site grabbers like wget, curl, httrack etc.......
> and I have tested that these tools are not able to download anything
> from my site. nice so far. But If I put the mp3 link available at my
> site directly in the browser then browser download the mp3. it is also
> true for images. How can I prevent this ?
Move them out of DocumentRoot. If the file is availabele via HTTP, it can be
fetched using HTTP, no matter how you call it.
You can only make it harder by checking User-Agent for known strings,
clients may not provide it, nor they have to tell the truth.
You can make them available only for streaming, but that won't stop form
downloading the content too.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by "Mark H. Wood" <mw...@IUPUI.Edu>.
On Fri, Mar 20, 2009 at 01:53:25PM +0100, André Warnier wrote:
> You could replace the links to the mp3 files by a button or a link, which
> when clicked opens another window where the user needs to input something
> before the download starts. The input is often some kind of image of a
> text, easily read by humans but not by machines. There is a name for that
> kind of thing, but I don't recall it right now.
"CAPTCHA"
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Friends don't let friends publish revisable-form documents.
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by Bruno - e-comBR <br...@e-combr.com.br>.
If your flash object plays the mp3, it needs to download it.
So, if it needs to download it, you cannot prevent its download.
What you should try to do to make hard to download your mp3 files is to
create an CGI or PHP script which downloads the file, and another which
"authorizes" the download, and make your flash object loads the script which
"authorizes" run first.
But it's not a efficient way, because somebody should run a proxy to see the
HTTP requests, and detect the "authorizer" script.
[]'s
2009/3/20 Brian Mearns <me...@gmail.com>
> On Fri, Mar 20, 2009 at 8:53 AM, André Warnier <aw...@ice-sa.com> wrote:
> > J. Bakshi wrote:
> >>
> >> Eric Covener wrote:
> >>>
> >>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in>
> >>> wrote:
> >>>
> >>>>
> >>>> Dear list,
> >>>>
> >>>> I have a .htaccess ( copied from the some tutorials available in
> >>>> internet ) to disable site grabbers like wget, curl, httrack
> etc.......
> >>>> and I have tested that these tools are not able to download anything
> >>>> from my site. nice so far. But If I put the mp3 link available at my
> >>>> site directly in the browser then browser download the mp3. it is also
> >>>> true for images. How can I prevent this ?
> >>>>
> >>>>
> >>>
> >>> You could use mod_rewrite to make sure the referer is set to something
> >>> you expect, but it's still going to ultimately be downloadable.
> >>>
> >>>
> >>
> >> Please suggest what else I can do.
> >> Please
> >>
> > You could replace the links to the mp3 files by a button or a link, which
> > when clicked opens another window where the user needs to input something
> > before the download starts. The input is often some kind of image of a
> > text, easily read by humans but not by machines. There is a name for
> that
> > kind of thing, but I don't recall it right now.
>
> You could not put links to mp3s on your site.
>
> I'm not really clear what you're trying to do: anything you put on
> your site is fair game to be downloaded. If you want, you can set up
> authentication so that a username and password are required to access
> the file. If you're trying to stop bots from getting it, Mark's
> suggestion of using a CAPTCHA is your best bet.
>
> Are you just trying to make it so that the flash player can play the
> file, but people can't download it? I'm not sure how the flash player
> works: if the file can be embedded directly into the flash then
> there's no need to have a link to the file on your site, but if the
> flash player has to fetch it from your site over the web, that it will
> inherently need to be made available for download. An important thing
> to keep in mind, though, is that anything that's playing on a person's
> computer can easily be recorded, so just because they can't download
> the file doesn't mean they can't just play it and record it. Also, if
> you're trying to do this to protect yourself from copyright laws, I
> wouldn't be too confident that you're safe if you're letting people
> listen to the music at all just because you're trying to prevent them
> from downloading it.
>
> So try to be more specific about what you're trying to achieve, and
> I'm sure someone here can come up with a solution, if there is one.
>
> -Brian
>
> --
> Feel free to contact me using PGP Encryption:
> Key Id: 0x3AA70848
> Available from: http://pgp.mit.edu/
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by Brian Mearns <me...@gmail.com>.
On Fri, Mar 20, 2009 at 8:53 AM, André Warnier <aw...@ice-sa.com> wrote:
> J. Bakshi wrote:
>>
>> Eric Covener wrote:
>>>
>>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in>
>>> wrote:
>>>
>>>>
>>>> Dear list,
>>>>
>>>> I have a .htaccess ( copied from the some tutorials available in
>>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>>> and I have tested that these tools are not able to download anything
>>>> from my site. nice so far. But If I put the mp3 link available at my
>>>> site directly in the browser then browser download the mp3. it is also
>>>> true for images. How can I prevent this ?
>>>>
>>>>
>>>
>>> You could use mod_rewrite to make sure the referer is set to something
>>> you expect, but it's still going to ultimately be downloadable.
>>>
>>>
>>
>> Please suggest what else I can do.
>> Please
>>
> You could replace the links to the mp3 files by a button or a link, which
> when clicked opens another window where the user needs to input something
> before the download starts. The input is often some kind of image of a
> text, easily read by humans but not by machines. There is a name for that
> kind of thing, but I don't recall it right now.
You could not put links to mp3s on your site.
I'm not really clear what you're trying to do: anything you put on
your site is fair game to be downloaded. If you want, you can set up
authentication so that a username and password are required to access
the file. If you're trying to stop bots from getting it, Mark's
suggestion of using a CAPTCHA is your best bet.
Are you just trying to make it so that the flash player can play the
file, but people can't download it? I'm not sure how the flash player
works: if the file can be embedded directly into the flash then
there's no need to have a link to the file on your site, but if the
flash player has to fetch it from your site over the web, that it will
inherently need to be made available for download. An important thing
to keep in mind, though, is that anything that's playing on a person's
computer can easily be recorded, so just because they can't download
the file doesn't mean they can't just play it and record it. Also, if
you're trying to do this to protect yourself from copyright laws, I
wouldn't be too confident that you're safe if you're letting people
listen to the music at all just because you're trying to prevent them
from downloading it.
So try to be more specific about what you're trying to achieve, and
I'm sure someone here can come up with a solution, if there is one.
-Brian
--
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: how to prevent mp3 downloading ?
Posted by Jonesy <gm...@jonz.net>.
On Fri, 20 Mar 2009 18:37:16 +0530, J. Bakshi wrote:
<- snip ->
> there is a
> flash plugin which plays the mp3 online. But the source of the page
> shows the link and if you place the link in the browser the browser
> downloads it. I like to stop it.
Just how the bloody hell do you think the mp3 is played in the flash
plugin to begin with? *The mp3 file is _downloaded_ and played!*
You can make it hard(er) for most casual web surfers to 'steal' your mp3
files. But, you _cannot_ prevent the more experienced web user from
doing it.
Go ahead: implement all the snake oil offered in this thread and then
come back and dare anyone to snag a copy of your mp3.
The best advice was already given you: If you don't want anyone
snatching a copy of your mpeg videos, do *not* upload them to your web
server.
Jonesy
--
Marvin L Jones | jonz | W3DHJ | linux
38.24N 104.55W | @ config.com | Jonesy | OS/2
* Killfiling google & XXXXbanter.com: jonz.net/ng.htm
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by "J. Bakshi" <jo...@infoservices.in>.
André Warnier wrote:
> J. Bakshi wrote:
>> Eric Covener wrote:
>>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in>
>>> wrote:
>>>
>>>> Dear list,
>>>>
>>>> I have a .htaccess ( copied from the some tutorials available in
>>>> internet ) to disable site grabbers like wget, curl, httrack
>>>> etc.......
>>>> and I have tested that these tools are not able to download anything
>>>> from my site. nice so far. But If I put the mp3 link available at my
>>>> site directly in the browser then browser download the mp3. it is also
>>>> true for images. How can I prevent this ?
>>>>
>>>>
>>> You could use mod_rewrite to make sure the referer is set to something
>>> you expect, but it's still going to ultimately be downloadable.
>>>
>>>
>> Please suggest what else I can do.
>> Please
>>
> You could replace the links to the mp3 files by a button or a link,
> which when clicked opens another window where the user needs to input
> something before the download starts. The input is often some kind of
> image of a text, easily read by humans but not by machines. There is
> a name for that kind of thing, but I don't recall it right now.
Actually I have no such button to make download available. there is a
flash plugin which plays the mp3 online. But the source of the page
shows the link and if you place the link in the browser the browser
downloads it. I like to stop it.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by André Warnier <aw...@ice-sa.com>.
J. Bakshi wrote:
> Eric Covener wrote:
>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>>
>>> Dear list,
>>>
>>> I have a .htaccess ( copied from the some tutorials available in
>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>> and I have tested that these tools are not able to download anything
>>> from my site. nice so far. But If I put the mp3 link available at my
>>> site directly in the browser then browser download the mp3. it is also
>>> true for images. How can I prevent this ?
>>>
>>>
>> You could use mod_rewrite to make sure the referer is set to something
>> you expect, but it's still going to ultimately be downloadable.
>>
>>
> Please suggest what else I can do.
> Please
>
You could replace the links to the mp3 files by a button or a link,
which when clicked opens another window where the user needs to input
something before the download starts. The input is often some kind of
image of a text, easily read by humans but not by machines. There is a
name for that kind of thing, but I don't recall it right now.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by "J. Bakshi" <jo...@infoservices.in>.
André Warnier wrote:
> J. Bakshi wrote:
>>
>> Any idea how to prevent it ?
>>
> In simple words, and as many people on this list have tried to tell
> you already : NO. NO like "there is no way to prevent it".
>
>
> Have a look at the wget and curl "--user-agent" command-line options,
> and try them with your pages.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Thanks for this clue.
It is really helpful.
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by André Warnier <aw...@ice-sa.com>.
J. Bakshi wrote:
>
> Any idea how to prevent it ?
>
In simple words, and as many people on this list have tried to tell you
already : NO. NO like "there is no way to prevent it".
The fundamental idea here is : if you give some information away from
your web server to a web browser, then it is given, and you can't take
it back. You can try to hide it, disguise it, obfuscate it, but in the
end the browser has it, so the user has it, and there is nothing you can
do about it.
Someone else wrote : if you don't want the user to be able to download
something from your server, then do not put it there.
That is true.
The only way to do something that resembles what you want, would be to
require the usage, at the user side, of a special "playback agent" that
they download from your site in advance, and which talks to your server
in some encrypted way. But even then, whatever that plugin exchanges
with your server still circulates between the browser and the server on
the Internet, and a sufficiently motivated user can record what happens,
analyse it, reproduce it, etc..
Just to press the point : you mention that you done things in your
.htaccess to prevent people to download stuff using curl, wget etc..
That's an illusion. The htaccess (or any other similar method supposed
to exclude some remote agents) works only on the base of some
information that the user-agent provides to the server (look up the
User-Agent HTTP header). If the user changes that header, then your
htaccess will be fooled.
Have a look at the wget and curl "--user-agent" command-line options,
and try them with your pages.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by Octavian Rasnita <or...@gmail.com>.
From: "J. Bakshi" <jo...@infoservices.in>
To: <us...@httpd.apache.org>> Dan Poirier wrote:
>> "J. Bakshi" <jo...@infoservices.in> writes:
>>
>>
>>> Eric Covener wrote:
>>>
>>>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>>>>
>>>>
>>>>> Dear list,
>>>>>
>>>>> I have a .htaccess ( copied from the some tutorials available in
>>>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>>>> and I have tested that these tools are not able to download anything
>>>>> from my site. nice so far. But If I put the mp3 link available at my
>>>>> site directly in the browser then browser download the mp3. it is also
>>>>> true for images. How can I prevent this ?
>>>>>
>>>>>
>>>>>
>>>> You could use mod_rewrite to make sure the referer is set to something
>>>> you expect, but it's still going to ultimately be downloadable.
>>>>
>>>>
>>>>
>>> Please suggest what else I can do.
>>> Please
>>>
>>
>> Please explain what you're trying to do. It sounds like you just don't
>> want anyone to download your files, but the solution to that is easy -
>> don't put them on your server.
>>
>
> Ok, Here I am trying to give you all a more detailed view. At my site
> there are a no. of pages where flash plugins are installed which plays
> mp3 songs online. The .htaccess has all the site grabber as banned. So
> the site can't be grabbed with curl, wget , httrac etc......
That "protection" is not a protection at all. It is very easy to create an HTTP client with perl and set it to use the same user agent as Firefox or Internet Explorer, to set the referer you want, to send/receive/store cookies... do everything a browser does.
> But if you view the page source, you can see the link of the mp3 file.
> As example http://mydomain.com/folder1/song1.mp3 and if you just put
> this link in your browser, it simply give you the "save as" option and
> you can save it with out any trouble. This simply bypass the .htaccess
> restriction and I like to prevent this.
You can't prevent this.
If you could, then the Flash wouldn't be able to download the mp3 file in order to play it.
Some sites like YouTube don't put a direct link to the mp3 file, but to another program that checks some things like the user agent, the referer, and maybe other things, and that program offers the content of the mp3 file.
But as you may know, there are very many programs that can be used to download files from YouTube.
Octavian
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: how to prevent mp3 downloading ?
Posted by "J. Bakshi" <jo...@infoservices.in>.
Dan Poirier wrote:
> "J. Bakshi" <jo...@infoservices.in> writes:
>
>
>> Eric Covener wrote:
>>
>>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>>>
>>>
>>>> Dear list,
>>>>
>>>> I have a .htaccess ( copied from the some tutorials available in
>>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>>> and I have tested that these tools are not able to download anything
>>>> from my site. nice so far. But If I put the mp3 link available at my
>>>> site directly in the browser then browser download the mp3. it is also
>>>> true for images. How can I prevent this ?
>>>>
>>>>
>>>>
>>> You could use mod_rewrite to make sure the referer is set to something
>>> you expect, but it's still going to ultimately be downloadable.
>>>
>>>
>>>
>> Please suggest what else I can do.
>> Please
>>
>
> Please explain what you're trying to do. It sounds like you just don't
> want anyone to download your files, but the solution to that is easy -
> don't put them on your server.
>
Ok, Here I am trying to give you all a more detailed view. At my site
there are a no. of pages where flash plugins are installed which plays
mp3 songs online. The .htaccess has all the site grabber as banned. So
the site can't be grabbed with curl, wget , httrac etc......
But if you view the page source, you can see the link of the mp3 file.
As example http://mydomain.com/folder1/song1.mp3 and if you just put
this link in your browser, it simply give you the "save as" option and
you can save it with out any trouble. This simply bypass the .htaccess
restriction and I like to prevent this.
Any idea how to prevent it ?
thanks
> Dan
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: how to prevent mp3 downloading ?
Posted by Dan Poirier <po...@pobox.com>.
"J. Bakshi" <jo...@infoservices.in> writes:
> Eric Covener wrote:
>> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>>
>>> Dear list,
>>>
>>> I have a .htaccess ( copied from the some tutorials available in
>>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>>> and I have tested that these tools are not able to download anything
>>> from my site. nice so far. But If I put the mp3 link available at my
>>> site directly in the browser then browser download the mp3. it is also
>>> true for images. How can I prevent this ?
>>>
>>>
>>
>> You could use mod_rewrite to make sure the referer is set to something
>> you expect, but it's still going to ultimately be downloadable.
>>
>>
> Please suggest what else I can do.
> Please
Please explain what you're trying to do. It sounds like you just don't
want anyone to download your files, but the solution to that is easy -
don't put them on your server.
Dan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by "J. Bakshi" <jo...@infoservices.in>.
Eric Covener wrote:
> On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
>
>> Dear list,
>>
>> I have a .htaccess ( copied from the some tutorials available in
>> internet ) to disable site grabbers like wget, curl, httrack etc.......
>> and I have tested that these tools are not able to download anything
>> from my site. nice so far. But If I put the mp3 link available at my
>> site directly in the browser then browser download the mp3. it is also
>> true for images. How can I prevent this ?
>>
>>
>
> You could use mod_rewrite to make sure the referer is set to something
> you expect, but it's still going to ultimately be downloadable.
>
>
Please suggest what else I can do.
Please
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent mp3 downloading ?
Posted by Eric Covener <co...@gmail.com>.
On Fri, Mar 20, 2009 at 7:16 AM, J. Bakshi <jo...@infoservices.in> wrote:
> Dear list,
>
> I have a .htaccess ( copied from the some tutorials available in
> internet ) to disable site grabbers like wget, curl, httrack etc.......
> and I have tested that these tools are not able to download anything
> from my site. nice so far. But If I put the mp3 link available at my
> site directly in the browser then browser download the mp3. it is also
> true for images. How can I prevent this ?
>
You could use mod_rewrite to make sure the referer is set to something
you expect, but it's still going to ultimately be downloadable.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org