How To Prevent File HotLink from Internet Download Manager IDM

Question

Am having some issue fixing media file hotlink or download using IDM, am working on serving a video file using PHP and it works fine, but I notice that IDM installed on my computer was able to add download box to the video I am playing using jwplayer. I change the structure of code and added htaccess to rewrite the link, so that the direct access to the file is not display.

mysite.com/file.php?myvideo.flv -> mysite.com/api/file/JU78vhx5uh

I was able to implement this in JWPlayer and it works when serving with PHP, yet the same IDM fetch my video file, I search for other means which is htaccess and it is below

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]

RewriteCond %{HTTP_REFERER} !^$

RewriteRule .*\.(mp4|flv|mp4|mp3)$ /video/thieve.flv [L]

This only work for web browsers and doesn't stop IDM software, I found another PHP referer validator, which check the refere link.

if (strpos($_SERVER['HTTP_REFERER'],'mysite.com')===0)

 {
    header("Location: whatever.php"};
 }else{
    header("Location: index.php");
 }

NB: I found out that IDM sent this information to my script

1. USER AGENT:Mozilla/4.0%20(compatible;%20MSIE%208.0;%20Windows%20NT%206.0;%20Trident/4.0)

2. Http_referer:mysite.com/api/file/JU78vhx5uh (the same with the page where my video is been played).

Please how else am I to prevent hot-linking from this software, because this website is serving free video streaming and I don't want my video downloaded.

Answer 1

In general, the only way to prevent users from downloading your videos is to really stream them via the server. The "emulated streaming" via showing already preloaded video frames will be always "hackable" one way or the other, because in the end you need the player software to know the address - which of course is the full .avi/.mp4/.whatever.

There are quite some streaming servers, also some open source ones are available. A good starting point may be this list. For Linux, Darwin might be one of the best options.

Once you really stream your content, only very advanced users will be able to grab your content by using streamgrabbers (I think there are even servers where this does not work, e.g. Adobes streaming solutions).