防止直接访问mp3/wav文件,同时允许Flash Player使用.htaccess(或PHP)访问它们 [英] Prevent direct access to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)
问题描述
如何在允许Flash播放器使用.htaccess(或PHP)访问文件的同时,防止直接访问/下载mp3/wav文件?我一直在寻找一种只包含部分解决方案和无法正常运行的解决方案的解决方案,以示自己的努力.
How do I prevent direct access/download to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)? I've been looking for a solution with only partial and non-functioning solutions to show for my efforts.
首先,以下解决方案似乎是一个不错的解决方案,但它也阻止了Flash Player访问文件. 我只能允许来自特定页面的访问吗?:
The solution below seemed like a great fix at first but it also blocks my flash player from accessing the files. Could I only allow access from particular pages?:
< Files ~ ".*\..*"><br />
order allow,deny<br />
deny from all<br />
< /Files>
下面的解决方案乍一看似乎很棒,因为它不允许人们查看目录中的文件,但是如果用户知道音乐文件的确切URL,则可以下载它:
The solution below seemed great at first because it didn't allow people to view the files in the directory but if the user knows the exact URL of the music file, they can download it:
SetHandler application/x-httpd-php<br />
SetHandler application/x-shockwave-flash
现在,我遇到了这篇文章强制用户使用htaccess生成用户名和密码使用htaccess ,但在Flash Player屏幕上会弹出我"对话框. 页面是否可以在没有用户执行任何操作的情况下发送登录信息?
Now, I came across this post that forces a user to produce a username and password using htaccess but I dialog box pops up when on the flash player screen. Is there a way for the page the send the login info without the user doing anything?
如果这不是一种安全方法,那么有人可以建议一种安全且相对简单的方法来实现此限制功能吗? URL和示例将不胜感激
P.S.这是一个WordPress网站,因此,我将使用 PHP 作为编程语言来实现任何解决方案.
P.S. This is a WordPress site, hence, I'll be using PHP as a programming language to implement any solution.
P.S.希望阻止新手下载,而不是黑客/骇客/互联网向导.
P.S. Looking to block novices from downloading, NOT hackers/crackers/internet wizards.
推荐答案
由于PHP可用,因此可以使用它来保护文件.不要在Web根目录中将它们包含在其中,而应放在PHP可以访问的位置.然后生成一次性使用的网址,例如:
Since PHP is available, use it to protect the files. Don't have them in them in the web root, but somewhere that is accessible to PHP. Then generate a one-time-use URL like:
<?php
$unique = md5( uniqid() ); // 32 hex characters
?>
然后将该唯一值存储在session/server/db中,并让另一页在流传输文件之前验证唯一字符串:
Then store that unique value in the session/server/db and have another page validate the unique string prior to streaming the file:
<a href="streamer.php?id=6dd4566eb245627b49f3abb7e4502dd6">Stream Me</a>
请确保在首次使用后(或如果您感到慷慨的话,请在几次使用后)使该唯一令牌过期.无论如何,它不会阻止顽固分子捕获HTTP流,但应防止随意链接.
Be sure to expire that unique token after the first use (or maybe after a few times if you are feeling generous). It won't stop the die-hards from capturing the HTTP stream anyway, but it should prevent casual linking.
这篇关于防止直接访问mp3/wav文件,同时允许Flash Player使用.htaccess(或PHP)访问它们的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
