Flowplayer 使用 Apache 进行安全流式传输 [英] Flowplayer Secure Streaming with Apache

问题描述

更新:这是一个关于如何在以下情况下为流媒体视频提供某种程度的安全性的教程:
1) 您正在使用 Flowplayer 和 Apache
2) 您不希望用户能够下载视频(仅限流媒体)
3) 您不希望用户能够将视频的 URL 放在浏览器中(限制访问视频)
4) 您只希望用户在拥有适当凭据的情况下才能流式传输视频

Update: This is now a tutorial on how to give some level of security to streaming videos if:
1) you are using Flowplayer with Apache
2) you don't want users to be able to download the video (streaming only)
3) you don't want users to be able to put the URL of the video in the browser (limited access videos)
4) you only want users to be able to stream the video if they have the proper credentials

您必须事先了解 PHP 和 .htaccess 文件.

You must have prior knowledge of PHP and .htaccess files.

原帖:
我的客户希望隐藏他的视频，以便在他的域中购买之前无法流式传输(他也不希望用户能够下载视频).我正在尝试使用 Flowplayer 的 Secure Streaming 来做到这一点，我想我快到了 9我现在到了！).到处搜索后，我找到了这篇文章.

我已经通过 .htaccess 限制了其他网站的热链接，现在我试图限制某人的访问，只是复制 url 并将其粘贴到地址栏中(即 http://www.mydomain.com/videos/testVideo.mov)

I've restricted hot-linking by other sites via .htaccess now I'm trying to restrict access by someone just copying the url and pasting it in the address bar (i.e. http://www.mydomain.com/videos/testVideo.mov)

我使用 PHP/AJAX 生成此 HTML(大多数示例使用 JS Flowplayer 插件，我使用 <object> 标记嵌入播放器，不涉及 JS. 如果你使用 JS 插件，使用它而不是嵌入版本，.htaccess 文件和 video.php 文件将是相同的.)

I've used PHP/AJAX to generate this HTML (most examples out there use the JS Flowplayer Plugin, I'm using the <object> tag to embed the player, no JS involved. If you use the JS plugin, use that instead of the embedded version, the .htaccess file and the video.php file will be the same.)

$videofilename = 'testVideo.mov';    
$hash = md5('1234');
$timestamp = time();
$videoPath = $hash.'/'.$timestamp.'/'.$videofilename;
echo '
<object width="667" height="375" type="application/x-shockwave-flash" data="http://releases.flowplayer.org/swf/flowplayer-3.2.8.swf">
    <param name="wmode" value="transparent"/>
    <param name="movie" value="../swf/flowplayer.securestreaming-3.2.8.swf" />
    <param name="allowfullscreen" value="true" />
    <param name="timestamp" value="'.$timestamp.'" />
    <param name="token" value="'.$hash.'" />    
    <param name="streamName" value="'.$videofilename.'" />      

    <param name="flashvars" value=\'config={
        "playlist":[
            {"url": "'.$videoPath.'", "baseUrl": "http://www.mydomain.com/videos", "autoPlay":false,"autoBuffering":true,"bufferLength":5}
            ]

        }\' />
</object>';

现在在目录 videos 我把这个 .htaccess 文件:

Now in the directory videos I put this .htaccess file:

 RewriteEngine on
 RewriteRule ^(.*)/(.*)/(.*)$ http://www.mydomain.com/vidoeos/video.php?h=$1&t=$2&v=$3
 RewriteRule ^$ - [F]
 RewriteRule ^[^/]+\.(mov|mp4)$ - [F]

更新:php 文件的目的是 1) 获取数据哈希、时间戳和视频文件名(test.mov 或其他)2) 确保一切都检查出来(我在此示例中故意省略了长度的安全检查)和 3) 将您的视频流提供给 Flowplayer.在授予访问权限之前，请确保 $originaltimestamp 和 $hash 是好的.您还可以检查会话凭据，从数据库中获取真实"文件位置，或者在授予用户访问权限之前进行任何类型的 php 安全检查.

Update: The purpose of the php file is to 1) get the data hash, timestamp, and video filename (test.mov or whatever) 2) Make sure everything checks out (I purposely ommitted the security checks in this example for length) and 3) Give Flowplayer the stream of your video. Make sure the $originaltimestamp and $hash are good before giving access. You may also check session credentials, get the 'real' file location from a database, or do any kind of php security checking you want before you give the user access.

还要记住更改 Content-type: 字段，以便它与正确的文件扩展名相关联(即 video/mp4 如果视频是 *.mp4)

Also remember to change the Content-type: field so it correlates with the correct file extension (i.e. video/mp4 if the video is an *.mp4)

videos/video.php 看起来像这样:

<?php
session_start();

$hash = $_GET['h'];
$streamname = $_GET['v'];
$originaltimestamp = $_GET['t'];

header('Content-Description: File Transfer');
header('Content-type: video/quicktime');
header("Content-length: " . filesize($streamname));
header("Expires: 0");
header("Content-Transfer-Encoding: binary");

$file = fopen($streamname, 'r');
echo stream_get_contents($file);    
fclose($file);
?>

总共三个文件，带有播放器的 HTML、.htaccess 文件和最后的 video.php 文件.我最初的问题是 $streamname 是错误的.记住 $streamname 应该是 BaseUrl 之后(或之下)的文件位置.希望这能帮助像我这样的人！

Three files total, the HTML with the player, the .htaccess file and lastly the video.php file. My original problem was the $streamname was wrong. Remember the $streamname should be the file location after (or under) the BaseUrl. Hope this helps someone like me!

有人看到这样做的安全问题吗?

Anyone see security issues with doing it this way?

推荐答案

好的，我解决了！在这一行:

Okay I solved it! In this line:

$streamname = "http://www.mydomain.com/videos/".$streamname;(它不在那里了)

我错了.我所要做的就是删除这一行并且它起作用了.它将以您的 baseUrl 开头.所以它已经在 'videos' 文件夹中，所以 $streamname 应该等于 baseUrl 之后的文件位置.

I had it all wrong. All I had to do was delete this line and it worked. It will start with your baseUrl. So it was already at the 'videos' folder so the $streamname should equal just the location of the file after the baseUrl.

顺便说一句，这花了我大约一周的时间来解决我在互联网上到处寻找以将各个部分放在一起的问题.我将其创建为教程，因此其他人不会有这样的头痛(希望如此！)

On a side note, this took me about a week to solve I was looking everywhere on the internet to put the pieces together. I created this into a tutorial so others won't have such a headache (hopefully!)

这篇关于Flowplayer 使用 Apache 进行安全流式传输的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！