Hello,
I am trying to secure content video loaded into Moodle such that you cannot directly link to it from the outside. As it stands now the video loads as a resource without issue but someone can simply right click on the flowplayer, copy the URL, and then have the link to the video to be accessed and download said video from another computer.
How do I allow a person to play the video inside the web browser but prevent the direct download?
Thank you for your time.
I forgot to add, this is for Moodle 2.8.
Chris, this has nothing to do with Moodle, but web server configuration.
if you are on CPanel, then you'll find option of HOTLINK PROTECTION in CPanel, just mention your domains and the file extensions.
in case you are not, then type the following command in your .htaccess file
RewriteCond %{HTTP_REFERER} !^http://mymoodle.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mymoodle.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mymoodle.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mymoodle.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
replacing mymoodle.com with your URLs, and in last line you can mention the file extensions like MP4, FLV etc (just the way I mentioned jpg|jpeg etc.)
and if you want to redirect users to some other page, that tries to open the link directly into browser you can mention in last line
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ dontnotcopy.com [R,NC]
where you can replace the "donotcopy.com" with the path to some HTML file or image (showing finger or something)
Also, just to add, you cannot fully stop people stealing content, as though this is one way to prevent linking content to outside, still there are ways, like people using IDM (Internet Download Manager) and Maxthon Cloud Browser, they do get the links no matter you have initiated HotLink Protection, though I am working on solutions to get rid of this issue of videos being stolen, but not easy task this is. One other way is to send ABR (Adaptive Bit Rate) chunks to the users, this way many other downloading clients wont be able to get file intact, for that you have to have a streaming server intact.
Usman's solution looks quite interesting, I have never tried that.
But personally I favor just putting weak blocks up. That is because the effort required to super secure links outweighs the benefits. Especially as its ultimately futile.
You might look at a very simple solution, of just disabling right click on your video. See this recent post to see how a user does something a bit like this:
https://moodle.org/mod/forum/discuss.php?d=306990
You could actually work this into an automatic solution for all videos on the site pretty easily with the help of some plugins.
Cheers Justin, yet another community contribution!
This did came to my mind too, but as in my case I use propriety JWPlayer PRO edition, so things kind of looks different, but yes it did worked for Video element of HTML 5 as these players does comes with option of right click and option like Download the Video and getting Path of the file.
moreover, even if someone does manage to see the code of linked file from HTML code, they can link it from outside, but hot linking prevents that as well, still all security features intact the software like IDM just shows up a small button beside video as soon as it senses a downloadable media on the page, so right clicks and even hot linking fails there too only solution is HLS VOD streaming in ABR using Streaming server, as that I have tested with plenty applications capable of downloading video and didn't worked. so I am just waiting upon getting to a more powerful server to start a streaming server besides.
I may try this as well, seems like an easy way to also prevent casual downloaders.
Thank you so much. I understand I can never fully protect videos (people can still screen record) but I do want to prevent direct linking and the casual downloaders.
This works...