how to prevent downloading video from amazon cloudfront using signed urls

Question

I am amazon cloudfront distribution for video files in my website. To read those files I am using signed url method with canned policy to read video file from amazon cloudfront distribution. Below is the example of signed url.

http://cloudfront-domainname/VideoFileName.mp4?Expires=1427805933&Signature=signature-of-policy-statement&Key-Pair-Id=cloudfront-key-pair-id

If I directly paste this url in address bar, I am able to download the video. How to prevent user from downloading this video but video should play in the HTML5 media player.

Answer 1

I think signed cookie (which were recently release) could help you: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html. Definitely smart users will sniff cookies (you need to serve file through HTTPS to prevent this), but this is definitely the better protection than signed URL

Answer 2

You can prevent users from downloading the file directly using a HTTP referrer policy. You should restrict the HTTP referrer to the domain where you host the embedded media player.

This article explains it very well if you're using Amazon AWS

Keep in mind that the referrer can be spoofed using third-party software or browser extensions, but it should prevent the casual user from downloading the file.