How to prevent direct linking to audio files

I have hundreds of audio files on my site that I have obtained from various
sources. Although I present them for free but, at the same time, I do not
want any other sites to direct link to those audio files (bypassing the HTML
pages). Is there a way to re-direct users to my home page (or any other HTML
page on my site) before they can access the audio file, if they come from
other sites?

"Mike" <mike@widelyused.com> wrote in news:3ca9e1ba$1@10.1.10.29:

>
> I have hundreds of audio files on my site that I have obtained from
> various sources. Although I present them for free but, at the same
> time, I do not want any other sites to direct link to those audio files
> (bypassing the HTML pages). Is there a way to re-direct users to my
> home page (or any other HTML page on my site) before they can access
> the audio file, if they come from other sites?
>
There's a Referrer header that tells you what page the user is coming from.
You could run a script that redirects anything not coming from your home
page to your home page.

Terry Austin

The Referer header cannot be trusted... it's just another header - i can write
a Perl script which sets this header.

taustin@hyperbooks.com (Terry Austin) wrote:
>"Mike" <mike@widelyused.com> wrote in news:3ca9e1ba$1@10.1.10.29:
>
>>
>> I have hundreds of audio files on my site that I have obtained from
>> various sources. Although I present them for free but, at the same
>> time, I do not want any other sites to direct link to those audio files
>> (bypassing the HTML pages). Is there a way to re-direct users to my
>> home page (or any other HTML page on my site) before they can access
>> the audio file, if they come from other sites?
>>
>There's a Referrer header that tells you what page the user is coming from.

>You could run a script that redirects anything not coming from your home

>page to your home page.
>
>Terry Austin

move the files away from the Web root, say c:\stuff\audio
DO NOT provide the user the name of the file as part of the URI
Use an ID for each file.
Use a databse to match each ID -> file
At the backend stream the file bits back to the user and manually build the
http payload.

it sounds nasty - but it works well.


"Mike" <mike@widelyused.com> wrote:
>
>I have hundreds of audio files on my site that I have obtained from various
>sources. Although I present them for free but, at the same time, I do not
>want any other sites to direct link to those audio files (bypassing the
HTML
>pages). Is there a way to re-direct users to my home page (or any other
HTML
>page on my site) before they can access the audio file, if they come from
>other sites?
>

Hi,
I guess this comes down to the classic security principle - how much is the
information worth, and how much effort are you willing to put in to guard
that asset? Basically the cost of information should be greater than the
cost of the security measures used to protect it...
Obviously the DB based session ident. is the foolproof way, but maybe an
ISAPI filter which checks header / cookie might also do the job? I remember
a nice example in the Fitch and Mather series...

Regards,

Arvind Shyamsundar
Brainbench MVP for Internet Security


"Michael Howard" <mikehow@microsoft.com> wrote:
>
>The Referer header cannot be trusted... it's just another header - i can
write
>a Perl script which sets this header.
>
>taustin@hyperbooks.com (Terry Austin) wrote:
>>"Mike" <mike@widelyused.com> wrote in news:3ca9e1ba$1@10.1.10.29:
>>
>>>
>>> I have hundreds of audio files on my site that I have obtained from
>>> various sources. Although I present them for free but, at the same
>>> time, I do not want any other sites to direct link to those audio files
>>> (bypassing the HTML pages). Is there a way to re-direct users to my
>>> home page (or any other HTML page on my site) before they can access
>>> the audio file, if they come from other sites?
>>>
>>There's a Referrer header that tells you what page the user is coming from.
>
>>You could run a script that redirects anything not coming from your home
>
>>page to your home page.
>>
>>Terry Austin
>

Well Mike,

There are a number of ways to mask things. The simplest ways can be worked
out by anyone. Alternatively, you will have to have some kind of server side
component to take requests for the files (a unique id), and push them out
to the client.

Cuan


"Mike" <mike@widelyused.com> wrote:
>
>I have hundreds of audio files on my site that I have obtained from various
>sources. Although I present them for free but, at the same time, I do not
>want any other sites to direct link to those audio files (bypassing the
HTML
>pages). Is there a way to re-direct users to my home page (or any other
HTML
>page on my site) before they can access the audio file, if they come from
>other sites?
>