Flowplayer安全流与Apache [英] Flowplayer Secure Streaming with Apache
问题描述
更新:这是现在如何给某些安全水平,如果流媒体视频教程:
1)您使用Flowplayer与Apache
2)你不希望用户能够下载的视频(仅适用于流媒体)
3)你不希望用户能够把视频的URL在浏览器中(有限访问视频)
4)你只希望用户能够以流式传输视频,如果他们有适当的凭据
Update: This is now a tutorial on how to give some level of security to streaming videos if:
1) you are using Flowplayer with Apache
2) you don't want users to be able to download the video (streaming only)
3) you don't want users to be able to put the URL of the video in the browser (limited access videos)
4) you only want users to be able to stream the video if they have the proper credentials
您必须事先了解的 PHP 和的.htaccess 文件。
You must have prior knowledge of PHP and .htaccess files.
原贴:
我的客户希望自己的视频隐藏,使他们不能流,直到他们在他的领地购买(他不希望用户能够下载视频其一)。我试图用Flowplayer的安全流做到这一点,我觉得我几乎有9I'm那里吧!)。搜索无处不后,我发现这个帖子。
Original Post:
My client wants his videos hidden so that they cannot be streamed until they are purchased on his domain (he doesn't want users to be able to download the video either). I'm trying to do this with Flowplayer's Secure Streaming and I think I'm almost there 9I'm there now!). After searching everywhere I found this post.
我已经限制盗链其他网站通过的.htaccess现在我试图限制被人只是将网址复制并粘贴到地址栏(即<一个访问href="http://www.mydomain.com/videos/testVideo.mov">http://www.mydomain.com/videos/testVideo.mov)
I've restricted hot-linking by other sites via .htaccess now I'm trying to restrict access by someone just copying the url and pasting it in the address bar (i.e. http://www.mydomain.com/videos/testVideo.mov)
我用PHP / AJAX来生成这个HTML(大多数的例子在那里使用JS Flowplayer插件,我使用了&LT;对象&gt; 标签嵌入玩家,没有JS受累。如果使用的JS插件,使用,而不是嵌入版本,.htaccess文件和video.php文件将是相同的。)
I've used PHP/AJAX to generate this HTML (most examples out there use the JS Flowplayer Plugin, I'm using the <object> tag to embed the player, no JS involved. If you use the JS plugin, use that instead of the embedded version, the .htaccess file and the video.php file will be the same.)
$videofilename = 'testVideo.mov';
$hash = md5('1234');
$timestamp = time();
$videoPath = $hash.'/'.$timestamp.'/'.$videofilename;
echo '
<object width="667" height="375" type="application/x-shockwave-flash" data="http://releases.flowplayer.org/swf/flowplayer-3.2.8.swf">
<param name="wmode" value="transparent"/>
<param name="movie" value="../swf/flowplayer.securestreaming-3.2.8.swf" />
<param name="allowfullscreen" value="true" />
<param name="timestamp" value="'.$timestamp.'" />
<param name="token" value="'.$hash.'" />
<param name="streamName" value="'.$videofilename.'" />
<param name="flashvars" value=\'config={
"playlist":[
{"url": "'.$videoPath.'", "baseUrl": "http://www.mydomain.com/videos", "autoPlay":false,"autoBuffering":true,"bufferLength":5}
]
}\' />
</object>';
现在在目录视频我把这个.htaccess文件:
Now in the directory videos I put this .htaccess file:
RewriteEngine on
RewriteRule ^(.*)/(.*)/(.*)$ http://www.mydomain.com/vidoeos/video.php?h=$1&t=$2&v=$3
RewriteRule ^$ - [F]
RewriteRule ^[^/]+\.(mov|mp4)$ - [F]
更新:
php文件的目的是为 1)获得数据的哈希,时间戳和视频文件名(test.mov或其他)的 2)确保一切正常(我故意忽略,则安全检查在本例中为长)和 3)给Flowplayer视频流。确保 $ originaltimestamp 和 $哈希是给访问之前好。你也可以检查会话证书,从数据库中获取的真正的文件的位置,或做任何形式的PHP的安全检查你想你给用户访问之前。
Update:
The purpose of the php file is to 1) get the data hash, timestamp, and video filename (test.mov or whatever) 2) Make sure everything checks out (I purposely ommitted the security checks in this example for length) and 3) Give Flowplayer the stream of your video. Make sure the $originaltimestamp and $hash are good before giving access. You may also check session credentials, get the 'real' file location from a database, or do any kind of php security checking you want before you give the user access.
还记得修改内容类型:字段,以便它与正确的文件扩展名关联(即视频/ MP4 如果视频是* .MP4)
Also remember to change the Content-type: field so it correlates with the correct file extension (i.e. video/mp4 if the video is an *.mp4)
和视频/ video.php 是这样的:
<?php
session_start();
$hash = $_GET['h'];
$streamname = $_GET['v'];
$originaltimestamp = $_GET['t'];
header('Content-Description: File Transfer');
header('Content-type: video/quicktime');
header("Content-length: " . filesize($streamname));
header("Expires: 0");
header("Content-Transfer-Encoding: binary");
$file = fopen($streamname, 'r');
echo stream_get_contents($file);
fclose($file);
?>
三个文件总计,在 HTML 的玩家,在的.htaccess 文件,最后在 video.php 文件。我原来的问题是 $ streamName中是错误的。记住后(或下)的 $ streamName中应该是文件位置的baseUrl。希望这可以帮助像我一样的人!
Three files total, the HTML with the player, the .htaccess file and lastly the video.php file. My original problem was the $streamname was wrong. Remember the $streamname should be the file location after (or under) the BaseUrl. Hope this helps someone like me!
任何人看到安全问题做这种方式?
Anyone see security issues with doing it this way?
推荐答案
好吧,我解决了!在这一行:
Okay I solved it! In this line:
$ streamName中=http://www.mydomain.com/videos/$ streamName中。(这不是在那里了)
我拥有了一切错误的。我所要做的就是删除这条线,它的工作。它将开始与您的baseUrl。所以这是已经在视频文件夹,所以$ streamName中应的baseUrl后等于文件只是位置。
I had it all wrong. All I had to do was delete this line and it worked. It will start with your baseUrl. So it was already at the 'videos' folder so the $streamname should equal just the location of the file after the baseUrl.
在一个侧面说明,这花了我大约一个星期来解决,我到处找在互联网上把拼在一起。我创造了这个变成一个教程,让其他人不会有这样的头痛(希望!)
On a side note, this took me about a week to solve I was looking everywhere on the internet to put the pieces together. I created this into a tutorial so others won't have such a headache (hopefully!)
这篇关于Flowplayer安全流与Apache的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
