Hello,

I have been researching this all over the net for the past few days and I'm still unsure of how to best handle my situation. Basically, I run an mp3 artist hosting website, and I'm finding as we grow that hotlinking to the mp3 files is becoming a major concern.

The problem I am having is that all of the .htaccess methods of dealing with hotlinking have not really worked. As I understand it, most browsers don't send referrer information when calling media files such as mp3s and so forth, so the only way to make the .htaccess method work is to block blank referrers as well, but this causes errors with the website itself.

If anyone on these boards has dealt with this situation before, I'd love some help with this. I don't really know what to do, but I know that somewhere there has to be an answer so any suggestions are welcome.

Thank you,

Chris

    Not sure I understand the problem... anyone can download the files... but you want them to visit the site first? Or are they required to login, is that the problem?

    If they're required to login, just don't store the mp3s in a directory that is exposed to the web, and readfile() the file to them ONLY if they are logged in.

    If you just want them to visit first... maybe assign them a session every time they visit the site... and don't allow them to download the mp3 (readfile method again) unless they have a session. That way a hotlink without a valid session would be denied, and forwarded to your site first.

      Step 1) Move the files outside of your web structure so that web browsers cannot directly access the files

      Step 2) Create a passthrough program in php. This program will use fopen and fread to read the file in and send it to the browser, with the appropriate headers of course.

      Once that is done run a few tests logging the $_SERVER variables and analyse that data to see what you can use to stop hotlinking.

      I've been looking for an article topic; maybe I'll do this.
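
The approach suggested in the replies above (files stored outside the web root, a PHP passthrough script, and a session check before serving), as an added example that is not part of the original thread. The directory `/var/media/mp3`, the `file` query parameter and the `visited` session key are assumptions chosen for illustration.

```php
<?php
// download.php -- added example; paths, parameter and session key are assumptions.
declare(strict_types=1);

const MEDIA_DIR = '/var/media/mp3'; // assumed storage location outside the web root
const SITE_HOME = '/';              // where requests without a session are sent

// Map a requested name to a real file inside MEDIA_DIR, or return null.
function resolve_track(string $requested): ?string
{
    $name = basename($requested); // drop any directory components
    if (!preg_match('/\A[\w .-]+\.mp3\z/i', $name)) {
        return null;              // only plain "name.mp3" is accepted
    }
    $base = realpath(MEDIA_DIR);
    $path = realpath(MEDIA_DIR . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks, so confirm the result is still under MEDIA_DIR.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();

// The site's own pages are assumed to set $_SESSION['visited'] = true.
// A hotlinked request arrives without that session and is sent to the site.
if (empty($_SESSION['visited'])) {
    header('Location: ' . SITE_HOME, true, 302);
    exit;
}

$file = $_GET['file'] ?? '';
$path = is_string($file) ? resolve_track($file) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

session_write_close(); // release the session lock while the file streams
header('Content-Type: audio/mpeg');
header('Content-Length: ' . filesize($path));
header('Content-Disposition: inline; filename="' . basename($path) . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The filename check matters as much as the session check: without it, a passthrough script that reads a path from the request can be pointed at any file the web server user can read.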
