2
example I see many pages creating a file m3u and hosting but if you try to paste address in the browser to download the file the page redirects without downloading or show the file to another page. this is done in php pages
2
example I see many pages creating a file m3u and hosting but if you try to paste address in the browser to download the file the page redirects without downloading or show the file to another page. this is done in php pages
3
What happens is the call checks the REFERER, as per wikipedia:
The referer, or HTTP referer (is misspelled as a referer in the official HTTP specifications and has been standardized since then), is an HTTP header field that identifies the web page address (i.e. the URI or IRI) that links to the resource being requested. By checking the referer, the new web page can see where the request originated. (In short: know where the user came from, ie which page he was that sent him to your site).
In the most common situation, this means that when a user clicks on a hyperlink in a web browser, the browser sends a request to the server that stores the target web page. The request includes the referer field, which indicates the last page the user was on (the one he clicked on the link).
The referer log is used to allow web sites and web servers to identify where people are visiting you from, for promotional or statistical purposes.
This means that when a user clicks on a link from a web browser, the browser sends a request to the server that contains the landing page. The request includes referrer information, informing the page that the user was previously.
To detail, suppose you have a page/site called http://exemplo.com/pagina.html
and on this page there is a player:
<object classid="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95"
codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701"
type="application/x-oleobject">
<param name="fileName" value="musicas.m3u">
<embed type="application/x-mplayer2"
pluginspage="http://www.microsoft.com/Windows/MediaPlayer/"
src="musicas.m3u">
</object>
When the player calls the file musicas.m3u
, this request will receive something like:
GET /musicas.m3u HTTP/1.1
Host: exemplo.com
Connection: keep-alive
Cache-Control: max-age=0
Referer: exemplo.com/pagina.html
See the Referer: exemplo.com/pagina.html
detects that the call came from exemplo.com/pagina.html
.
But if you copy the playlist address and try to open directly http://exemplo.com/musicas.m3u
, the browser will send the request this way:
GET /musicas.m3u HTTP/1.1
Host: exemplo.com
Connection: keep-alive
Cache-Control: max-age=0
Note that now we do not have the REFERER.
You can use PHP, but if your files are static (they are not generated by. php pages, they are real files called .m3u
) you can use the .htaccess
to prevent access if it does not have the REFERER (or is called direct), this will also prevent other sites from using yours. m3u on external pages, saving the traffic of your site, this technique is called prevent hotlink
or stop hotlink
.
Create a file in the root folder (if you’re using Apache) and add this (you also need to prevent caching):
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?exemplo.com [NC]
RewriteRule \.m3u$ - [NC,F,L] #NC é para case-insensitive
<FilesMatch "\.(?i:m3u)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</FilesMatch>
If you call any file .m3u
by browser url or by another website it will block access by showing error 403
, if opened by the player it will open the file normally.
But if your file .m3u
, it’s actually a file .php
, create a file called playlist.php
and add this:
<?php
$g = gmdate('D, d M Y H:i:s');
header('Expires: ' . $g . ' GMT');
header('Last-Modified: ' . $g . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
$parsed = empty($_SERVER['HTTP_REFERER']) ? false : parse_url($_SERVER['HTTP_REFERER']);
if (false === empty($parsed['host']) && $parsed['host'] !== 'exemplo.com') {
header('Content-Type: audio/x-mpegurl'); //Aplica o mimetype necessário para o player reconhecer o arquivo que é gerado dinamicamente
echo file_get_contents('arquivo.m3u');//Lê o seu arquivo
} else {
echo 'Hot link';
}
And you must call him that:
<object classid="CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95"
codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701"
type="application/x-oleobject">
<param name="fileName" value="playlist.php">
<embed type="application/x-mplayer2"
pluginspage="http://www.microsoft.com/Windows/MediaPlayer/"
src="playlist.php">
</object>
If called by the player the file .php
generates the playlist used file_get_contents
, already if it is called by the browser url or other site it will show the following error Hot link
.
Although this technique helps protect, everything can be swindled and really this is just a prevention, but it is not 100% safe, a simple way to circumvent is to inject the link to the .m3u
on the site page using javascript (by the browser console) and if you click on the link you are likely to be able to download.
more or less that but I need to have m3u file hosted somewhere and on my site have a page that generates this link but only for Kodi for example if it was placed the link in the browser redirect to another page without downloading the m3u
@Josneimachado just change echo 'Hot link';
for header('Location: http://outrosite');
or if it is . htaccess just use the flag [R=302]
, got it?
did by htacess Rewriteengine on Rewritecond %{HTTP_REFERER} ! http://site.com.br/nv/user.php.$ [NC]
RewriteCond %{HTTP_REFERER} !^ http://site.com.br/nv/user.php$ [OR]
RewriteCond %{HTTP_REFERER} !^ http://www.site.com.br/nv/user.php.$ [NC] Rewritecond %{HTTP_REFERER} ! http://www.site.com.br/nv/user.php? [OR] Rewriterule ..(.)$ http://other.com.br [R=302]
but play instead of the m3u list loads the other site’s html
You added several things I didn’t add to .htaccess
, that is, it has nothing to do with the code I quoted. Try to understand what I went through in the reply, in addition to the code please @Josneimachado
2
If you are using server Apache
, can restrict access to the file to a DOMAIN or IP by creating a file .htaccess
:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?seudominio [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?seudominio.*$ [NC]
RewriteRule \.(m3u|mp3)$ - [F]
Browser other questions tagged php paging link
You are not signed in. Login or sign up in order to post.
Good evening, I wonder if any of the answers helped you, if not please comment on what you think is missing.
– Guilherme Nascimento