Apache Streaming and Hotlinking Prevention

symtab · 2011-12-18 10:52:05

After a message from @Eri about Apache streaming faster on his server (s), i started reading about this and i found:

http://code.google.com/p/mod-auth-token/ - mod_secdownload for epache
mod_flvx - FLV streaming
mod_h264_streaming - H264 Streaming

I will test everything and we will also provide this setup.

Eri · 2011-12-18 15:54:51

Also at multi servers if there is a selection for Apache streaming will be great
Moreover this will make server handle more users http://www.dedicated-resources.com/guid … width.html

Last edited by Eri (2011-12-18 15:59:01)

symtab · 2011-12-19 06:17:48

There is no need for selection at multi server add/edit in admin. Probably renaming from Lighttpd to Streaming will do it. mod_auth_token for apache, works exactly the same as mod_secdownload for lighttpd, so nothing changes (in theory, at least, didnt test this yet). Will do tests, as soon as possible and then see how it can be implemented.

symtab · 2011-12-19 07:52:17

I was wrong. It doesnt work the same Just tested.

symtab · 2011-12-19 08:59:44

I dont think you can fake the prefix, it needs to be a real folder

UPDATE: It does work the same!!! :-) But i still have to get it working

symtab · 2011-12-19 11:19:30

Such a fucking pain...i cant get this working at all on Arch Linux. It simply doesnt configure the module from httpd.conf

Eri · 2011-12-19 21:44:51

hmm at tutorials is very easy, (but never tested lol) http://h264.code-shop.com/trac/wiki/Mod … e-Version2

symtab · 2011-12-20 06:46:19

That is very very easy, same for mod_flvx. mod_auth_token is whats causing me pain.

bplex · 2011-12-20 12:50:40

I am actually the one who setup and installed this for Eri.

First, mod_auth_token is similar to, but not quite the same as mod_secdownload... especially if you are using 1.0.6 (it says that it is beta, but it is pretty much production ready). The biggest difference is that mod_auth_token has the ability to limit the URLs to the user that requested the link (by their IP address). This allows for better hotlink protection since the URL is only valid for a single user, regardless of the time.

Getting mod_auth_token setup and installed is relatively easy to do. What steps are not working for you? Also, if you would like, I can install this for you as well.

Last edited by bplex (2011-12-20 12:58:22)

symtab · 2011-12-20 14:16:07

The 1.0.6 function can be enabled/disabled, so it should work the same.

I installed it and configured, but for some reason my configuration is not taked (i know this because i modified the c source code to see whats happening). Here are some logs:

[Tue Dec 20 16:14:08 2011] [warn] [client ::1] mod_auth_token: requesting url -> /asp/stream/6490543e196eaf6bd2ad7b95334db5ef/4eef34ca/mp4/99.mp4, prefix -> (null), prefix length -> (null)

As you can see prefix/prefix_length is always null. My config:

<Location /stream/>
        AuthTokenSecret       "d1gw33d"
    AuthTokenPrefix       "/stream/"
    AuthTokenTimeout      7200
    AuthTokenLimitByIp    on
</Location>

So everything should be configured...but its not working. No idea...i'm gonna leave it for when i have more time.

bplex · 2011-12-20 14:43:26

Your config has ip limiting turned on. Are you sending the IP with your secret, file path, and hex time? Send me a copy of the PHP code that you are using to generate the paths.

symtab · 2011-12-20 15:28:42

Yes i'm sending my ip. Here's the code:

    public static function authtoken_url($video_id, $ext, $key)
    {
        $file   = $video_id.'.'.$ext;
        $pref   = ($ext == 'mobile') ? '/mobile/' : '/'.$ext.'/';
        $hex    = dechex(time());
//        $hex    = sprintf("%08x", time());
        return md5($key.$file.$hex.$_SERVER['REMOTE_ADDR']).'/'.$hex.$pref.$file;
    }

It doesnt really matter what i add for code, because it doesnt match on /stream/. Its like its not taking the configuration for httpd.conf into account. Just see my previous post for the log (i modified the mod_auth_token c code to see what it does, and on a string compare, it doesnt match). Here's the c code:

        /* check if the request uri is to be protected */
        if (conf->prefix == NULL || strncmp(r->uri, conf->prefix, conf->prefix_len)) {
                ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "mod_auth_token: requesting url -> %s, prefix -> %s, prefix length -> %s", r->uri, conf->prefix, conf->prefix_len);
                return DECLINED;
        }

As you can see, for some reason it doesnt match with strncmp...This is on Arch Linux with latest version of Apache. I will also test on my server with a older version of apache and see if it works correctly.

bplex · 2011-12-20 15:35:28

Ah, ok. I just saw that. Are you adding your code to the vhost config for the domain you are testing? The code is vhost domain specific. You will know that is is working because when you visit the real path to the domain (http://example.com/stream), you will immediate get a authentication required dialog box (see http://vscdemo2.vsharesolutions.com/flvideo/). If you do not get the authorization required message, your auth code is not in the vhost config for the site properly.

As a note, I have a test server running Arch and have it working on it just fine.

I guess the real question is are you getting a 404, a 401, or a 403 with your links?

Last edited by bplex (2011-12-20 15:39:18)

symtab · 2011-12-27 15:35:29

Ok. The problem was that i didnt use it in a vhost. Since you cannot define from where to load the files, how do you actually specify that the file is in /home/username/public_html/media/videos/flv for example?

bplex · 2011-12-27 16:03:04

The location is relative to the vhost's public_html directory. So to protect the /home/username/public_html/media/videos/flv folder, you would actually set the location variable to being:

<Location /media/>
...
...
...
</Location>

By protecting the /media/ directory, any directory below it is automatically protected as well.

symtab · 2011-12-27 19:13:42

Ok. Got it. Thank you very very much for helping.

bplex · 2011-12-27 22:19:56

Not a problem

ful2fun.com · 2012-01-01 18:40:41

How To Install Linux And Server Softwares For Hosting Site....
Means The Softwares Required And How To Install It And Host Site Please Help Me I Want To Try I Am New At Linux

ful2fun.com
livesexpirates.com

Last edited by ful2fun.com (2012-01-01 18:41:19)

symtab · 2012-01-02 07:29:47

I will write a howto about this, once i get some free time.

symtab · 2012-01-17 15:38:52

If you enable this and you want to protect /media/ then everything in this subfolder will be protected It will work for videos on separate servers though...using multi-server.

Adult Script Pro Community Forums

#1 2011-12-18 10:52:05

Apache Streaming and Hotlinking Prevention

#2 2011-12-18 15:54:51

Re: Apache Streaming and Hotlinking Prevention

#3 2011-12-19 06:17:48

Re: Apache Streaming and Hotlinking Prevention

#4 2011-12-19 07:52:17

Re: Apache Streaming and Hotlinking Prevention

#5 2011-12-19 08:59:44

Re: Apache Streaming and Hotlinking Prevention

#6 2011-12-19 11:19:30

Re: Apache Streaming and Hotlinking Prevention

#7 2011-12-19 21:44:51

Re: Apache Streaming and Hotlinking Prevention

#8 2011-12-20 06:46:19

Re: Apache Streaming and Hotlinking Prevention

#9 2011-12-20 12:50:40

Re: Apache Streaming and Hotlinking Prevention

#10 2011-12-20 14:16:07

Re: Apache Streaming and Hotlinking Prevention

#11 2011-12-20 14:43:26

Re: Apache Streaming and Hotlinking Prevention

#12 2011-12-20 15:28:42

Re: Apache Streaming and Hotlinking Prevention

#13 2011-12-20 15:35:28

Re: Apache Streaming and Hotlinking Prevention

#14 2011-12-27 15:35:29

Re: Apache Streaming and Hotlinking Prevention

#15 2011-12-27 16:03:04

Re: Apache Streaming and Hotlinking Prevention

#16 2011-12-27 19:13:42

Re: Apache Streaming and Hotlinking Prevention

#17 2011-12-27 22:19:56

Re: Apache Streaming and Hotlinking Prevention

#18 2012-01-01 18:40:41

Re: Apache Streaming and Hotlinking Prevention

#19 2012-01-02 07:29:47

Re: Apache Streaming and Hotlinking Prevention

#20 2012-01-17 15:38:52

Re: Apache Streaming and Hotlinking Prevention

Board footer