防止直接访问 mp3/wav 文件,同时允许 Flash 播放器使用 .htaccess(或 PHP)访问它们 [英] Prevent direct access to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)
问题描述
如何防止直接访问/下载到 mp3/wav 文件,同时允许 Flash 播放器使用 .htaccess(或 PHP)访问它们?我一直在寻找一个解决方案,其中只有部分和无效的解决方案来展示我的努力.
How do I prevent direct access/download to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)? I've been looking for a solution with only partial and non-functioning solutions to show for my efforts.
下面的解决方案起初似乎是一个很好的解决方案,但它也阻止了我的 Flash 播放器访问文件.我可以只允许从特定页面访问吗?:
The solution below seemed like a great fix at first but it also blocks my flash player from accessing the files. Could I only allow access from particular pages?:
< Files ~ ".*\..*"><br />
order allow,deny<br />
deny from all<br />
< /Files>
下面的解决方案起初看起来不错,因为它不允许人们查看目录中的文件,但如果用户知道音乐文件的确切 URL,他们可以下载它:
The solution below seemed great at first because it didn't allow people to view the files in the directory but if the user knows the exact URL of the music file, they can download it:
SetHandler application/x-httpd-php<br />
SetHandler application/x-shockwave-flash
现在,我看到了这篇文章 强制用户生成用户名和密码 使用 htaccess 但在 Flash 播放器屏幕上弹出 I 对话框.有没有办法让页面在用户不做任何事情的情况下发送登录信息?
Now, I came across this post that forces a user to produce a username and password using htaccess but I dialog box pops up when on the flash player screen. Is there a way for the page the send the login info without the user doing anything?
如果这不是一种安全的方法,有人可以建议一种安全且相对直接的方法来实现此限制功能吗?网址和示例将不胜感激
附言这是一个 WordPress 网站,因此,我将使用 PHP 作为编程语言来实现任何解决方案.
P.S. This is a WordPress site, hence, I'll be using PHP as a programming language to implement any solution.
附言希望阻止新手下载,而不是黑客/破解者/互联网向导.
P.S. Looking to block novices from downloading, NOT hackers/crackers/internet wizards.
推荐答案
既然 PHP 可用,就用它来保护文件.不要将它们放在 Web 根目录中,而是放在 PHP 可以访问的某个地方.然后生成一个一次性使用的 URL,如:
Since PHP is available, use it to protect the files. Don't have them in them in the web root, but somewhere that is accessible to PHP. Then generate a one-time-use URL like:
<?php
$unique = md5( uniqid() ); // 32 hex characters
?>
然后将该唯一值存储在 session/server/db 中,并在流式传输文件之前让另一个页面验证唯一字符串:
Then store that unique value in the session/server/db and have another page validate the unique string prior to streaming the file:
<a href="streamer.php?id=6dd4566eb245627b49f3abb7e4502dd6">Stream Me</a>
请确保在第一次使用后(或者如果您觉得慷慨的话,可以在几次之后)使该唯一令牌过期.无论如何,它不会阻止顽固分子捕获 HTTP 流,但它应该防止随意链接.
Be sure to expire that unique token after the first use (or maybe after a few times if you are feeling generous). It won't stop the die-hards from capturing the HTTP stream anyway, but it should prevent casual linking.
这篇关于防止直接访问 mp3/wav 文件,同时允许 Flash 播放器使用 .htaccess(或 PHP)访问它们的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
