的.htaccess .MP4盗链手机视频无法播放 [英] .htaccess .mp4 hotlinking mobile video doesn't play

问题描述

嗨所以我有一大堆的视频的哪个用户应该只能够一个videos.php页面上看到有一个HTML5标签。当你直接访问MP4文件应该重定向到主页。这使用下面的code正常工作。

Hi So I have a bunch of video's which users should only be able to see on a videos.php page with has a html5 tag. When you directly access the mp4 file it should redirect you to the homepage. This works fine using the code below.

我利用了这个code：

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.com [NC]
RewriteRule \.(mp4)$ - [NC,F,L]

然而，任何移动设备上的重定向作品，但视频停一次我实现了新的规则玩。于是我发现，从这个地方code，希望将工作：

However on any mobile device the redirect works but the videos stopped playing once I've implemented the new rule. So I found this code from somewhere in hopes it will work:

# for android/ipad/iphone/BlackBerry/Nokia/Samsung/Windows Phone
RewriteCond %{HTTP_USER_AGENT} !(Android|iPad|iPhone|BlackBerry|Nokia|SAMSUNG|Windows\ Phone)

仍然没有运气，在移动和桌面的作品盗链，除了移动视频文件不能播放。我已经恢复到原来的code：

Still no luck, the hotlinking on mobile and desktop works except on mobile the video files don't play. I've reverted back to the original code:

RewriteEngine on   

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.com [NC]
RewriteRule \.(mp4|jpg|gif)$ - [NC,F,L]

如果有人能帮助我理解为什么视频的不盗链玩我就AP preciate了！

If anyone can help me understand why the video's don't play with hotlinking I would appreciate it!

推荐答案

所以，尝试一切后，我来到了我解决问题的办法。而不是使用的.htaccess的我做了以下内容：

So after trying everything I came to my solution to the problem. Instead of using .htaccess I did the following:

为您的视频创建一个独特的文件夹名称。例如KV93BGYFQW9024J这样的URL将是视频：（可能你每天都可以重新创建此其保存在一个数据库中作为参考）

Create a unique folder name for your videos. e.g. KV93BGYFQW9024J so the url will be to the video : (potentially you can recreate this every day keeping it in a database as reference)

mydomain.com/KV93BGYFQW9024J/video.mp4

现在创建一个看起来像这样的PHP文件：

Now create a php file that looks like this :

<?php
        $video = "video.mp4" //Video name can be retrieved from database using a token passed to this page

    $auth=true; // Authentication can be done here;

    if($auth){
        $path = "KV93BGYFQW9024J/";
        header("Content-type: video/mp4");
        header("Content-Length: ".filesize($path)); // provide file size
        header("Expires: -1");
        header("Cache-Control: no-store, no-cache, must-revalidate");
        header("Cache-Control: post-check=0, pre-check=0", false);
        readfile($path);
    }else{
        echo "Not Authenticated";
    }
?>

然后最后是实际的页面上，你可以有这种

And then lastly on the actual page you can have this

<video id="example_video_1" controls preload="none" autoplay="false" >
      <source src="video.php?id=ISHF298YFGY25H01" type='video/mp4' />  
</video>

该标记应参照视频的名称。我知道这只是一抛过，但有助于避免偷偷摸摸的用户嗅探出其他视频。总括而言，你不能直接访问视频不进行认证，如果你设法弄个文件夹，你可以作为提随机重新生成的名称取决于视频的长度每1-12hours。

The token should reference the name of the video. I know this is just a throw-off but helps to avoid sneaky users from sniffing out other videos. All and all you cannot directly access the video without authentication and if you do manage to get hold of the folder you could as mention randomly re-generate the name every 1-12hours depending on the video length.

如果任何人都可以给我一个更好的解决方案，这将是AP preciated。这将有助于为我现在的我仍然看到该文件夹​​，甚至用随机生成的名称，每2小时（在我的情况）是一个安全漏洞。

If anyone else could give me a better solution to this it would be appreciated. This will help for now my I still see the folder even with a random generated name every 2 hours (in my case) being a security loophole.

感谢

哦，是的问题就在这里感谢我的朋友，该文件将加载全面进入服务器RAM的意思，如果你有一个20MB的文件，整个文件加载到内存，然后传输到用户。如果你有1000个并发连接，您将耗尽内存。关于这个问题的任何增加将pciated以及AP $ P $。

Oh yes problem here thanks to a friend of mine, the file will load fully into the server ram meaning if you have a 20mb file the whole files loads into the ram and then is streamed to user. If you have 1000 concurrent connections, you would run out of ram. Any additions on this subject would be appreciated as well.

这篇关于的.htaccess .MP4盗链手机视频无法播放的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！