Adult Script Mods

Hi,

As requested in the AVS forum, i wrote a small howto on how to prevent hotlinking (or at least try) for Adult Video Script flash videos (flv).

Here’s what you can do:

• Use lighttpd. Lighttpd with mod_secdownload is exactly what you need to prevent hotlinking. Set the timeout for the flv file to maximum 2 hours (in lighttpd.conf and include/config.local.php). Change the lighttpd key for the temporary link creation (in lighttpd.conf and include/config.local.php). You can also keep your videos in a directory that is not accessible from the web (in this case you need to edit lighttpd.conf and some code in the AVS script).
• Even if you use lighttpd users can still download/leech your videos if they know the location (doesnt work if you keep the videos in a directory that cannot be accessed from the web, or if you change the location). To prevent this you can use .htaccess and add
  a few reffer rules: basically if the request for the flv file doesnt come from your own domain/ip, drop this request (you need to create the .htaccess in the media/videos/flv directory).

  Here’s a example for AVS:
  

  RewriteEngine On
  RewriteCond %{HTTP_REFERER} !^http://yousite.com/ [NC]
  RewriteCond %{HTTP_REFERER} !^http://www.yousite.com/ [NC]
  RewriteRule [^/]+.(flv)$ - [F]
  

• If you dont offer the embed feature, you can also add some refferer rules in .htaccess for the media/player directory. All requests for files in this directory should be limited to your server’s ip/domain.

• If you use lighttpd + mod_secdownload, you also need to add refferer rules in lighttpd.conf.
• Use a flash player that can encrypt the url based on a key (flowplayer can do this). The key has to be hard-coded in the flash player.

If you have any ideas/critics…feel free to comment!