3

I have swf files that are embedded in a PHP page using SWFObject. These swf files are in the same directory as my PHP files. for example www.myurl.com/index.php embeds www.myurl.com/flashfile.swf, index.php and flashfile.swf are in the same directory. However I want to prevent people from being able to type in www.myurl.com/flashfile.swf and viewing the swf. I want the browser to deny access to this file unless it has been embedded by the PHP file. Should I move my swfs to another folder and protect this folder somehow - is this with the .htaccess file?

I am running Apache on a linux machine. While my main concern is for swf files I would like to protect graphics used on the site too.

all help appreciated thanks

undefined
  • 654
  • 2
  • 8
  • 18

2 Answers2

8
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|swf)$ yourdomain.com/goaway.jpg [NC,R,L]
Mike
  • 21,910
  • 7
  • 55
  • 79
  • most downloader's have "send referer as ..." option. just consider that. but something with php session backend & apache_rewrite will be better for bot/crawler/downloader check. – risyasin May 24 '10 at 21:43
  • Thanks I have added this and tested and it works great. Thanks for pointing out about send referer as. How can I use PHP session to protect this further. Im not sure how to use a session to protect files, only pages. – undefined May 27 '10 at 14:53
5

It's important to realize that certain content must be downloaded to be displayed, such as with graphics. Anything you add to "prevent" them being downloaded will be limited. Direct links, however, can be prevented in most cases but a clever script could still set REFERER.

Flash streamed from Flash server makes it more difficult to download and hot link as well. For controlling Flash, this should probably be investigated.

I like Mike's solution though, I gave him +1.

Warner
  • 23,440
  • 2
  • 57
  • 69
  • 2
    +1 for pointing out that if it can be watched, it can be copied, all you can do it make it a little harder to copy/rip/whatever. – Chris S May 24 '10 at 15:14