video streaming - How to disable direct access to php file that streams an mp4

Question

I have a php file that streams mp4 videos.

In my website I call the php file in the video tag src.

the php file is in a different server from website and its url is rewritten : server.xxxx.com/{id}

everything works perfectly but when I go on this link I can watch and download the video.

How can stop this from happening? Thanks.

question from:https://stackoverflow.com/questions/65831964/how-to-disable-direct-access-to-php-file-that-streams-an-mp4

Answer 1

You can limit the REFERER to the source page (like the video view page).

# video.php
<?php
if($_SERVER['HTTP_REFERER']!=="https://video.com/watch"){
  echo "Forbidden";
  exit();
}

In the case where it doesn't matter you can also just check if the HTTP_REFERER header is set, otherwise fail.

# video.php
if(!$_SERVER['HTTP_REFERER']){
  echo "Forbidden";
  exit();
}