Protecting folder in public_html

Question

I have a music sharing site and realize that the files on my site are not necessarily protected as they are stored in a subfolder in public_html. I need to protect them in a way that they still work for anyone in the music player, which located on a listen.php page. However, if the user goes directly to a file, such as this http://www.pearlsquirrel.com/mp3/95d246c26a7c003cdac86ead05659b37.m4a. I do not want them to be able to download the file so as to protect my users. However, I can not add any code to that page because it is an mp3. Is there a way to add an index to the folder that would allow for me to add javascript to that page? I tried using .htaccess but had no luck with it. If anyone knows how I could possibly solve this problem, it would be greatly appreciated. Thanks!

Answer 1

You could rewrite your music file's URLs to a PHP script, check some login via session and output the music file only if the user is logged in.

You could also put a copy of a mp3, that a user is listening to with a session id in the name and remove it after the session get's invalid. This way every user has it's own URL that will not be active permanently.

Answer 2

try with .htaccess to:

• forbid directory listing
• check the urlreferrer / remote IP address

But if, depending on the way you play the file to the user, if there is a direct access to the file, it will be hard to secure.

Answer 3

Stu Thompson explains a few ways well in this post - Protect flash video from download/right protect also, this link may be of particular usefulness for you - Is it possible to protect from downloading a video from a site