How to hide video url?

In my php web site the video player appears and plays the video. In Chrome you can right click on the player screen and choose ‘inspect element’ etc, but another choice is ‘Copy video URL’. How can I block that, or hide (or disguise/rename) the video URL?

There is nothing you can do to hide the URL of the video completely. If someone wants to get it, they can.

You said “completely”. How about partially?

I don’t know of any methods that will partially hide it. I phrased it the way I did because I’m sure others will come in here with partial methods…but it’s important for you to realize that they won’t be fool proof.

Ryan is right. There’s lots of JavaScripts to disable the right button of the mouse (which will hide that “copy URL” choice… just Google them and you’ll find dozens) but the only thing you have to do is… disable Javascript and then you will get the URL.

The only other suggestion I have is to hide it with mod_rewrite. Create a custom URL to use for the video via your htaccess and use that URL everywhere. Everyone will see the URL you defined, but they won’t know where the file actually resides on your server (if that matters to you).

Thanks for your reply.
Can you give me an example a custom URL for all videos via htaccess, so I can test that?

How many videos are we talking, what kind of naming convention do they currently have, and what kind of naming convention do you want them to have?

Thanks for your reply.
They now have http://…com/test.mp4, http://…com/video1.mp4, etc.
What I would like to have is any untrue path showing, so someone can’t copy the url and play the video at my data expense.

Oh, my idea won’t solve that. As the URL has to be functional, otherwise, it won’t work on your site either.

Best way to approach your issue is to buy a Vimeo Pro account and upload your videos there, the data/bandwidth becomes Vimeo’s issue, not yours.

Thanks for your reply.
I won’t be getting a Vimeo account, but I will continue looking for a solution to this post.
Any additional help will be appreciated.

Most porn sites use the following technique to stop video leeching. They tie the video URI to the session key. When the session expires, the video URI becomes invalid, and the referring page must be visited again in order to get a new URI based on the new session key. The video URI’s are all hashes at this point. They also further enforce this by checking the http referer to insure it is set to a page authorized to embed the video in question. This isn’t foolproof since http referer spoofing is possible, but it isn’t trivial and requires tools the average joe doesn’t have (though most web developers do for testing).

The result of this technique doesn’t stop users from right clicking and copying the video URI, but since that URI only lasts as long as their browser session, and can’t be transferred to another browser the URI is useless to the copier.

Thanks for your reply. That’s interesting. Can you give a clue/example as to how I might begin to tie the video URL to the session key? thanks

Ok, you’ll need to set your server up such that your videos cannot be directly reached by the webserver. For example, on a Media Temple server each of your sites is in a folder with the domain name, say “myvideosite.com” and in that folder they set up an html folder, and the website lives in that folder. You can put your videos in the “myvideosite.com” folder at the same level as html.

In the page that presents your video start the session and get its id.

session_start();
$sid = session_id();

Now, for each video you’re going to display hash its server side path and the session id.

$hash = md5($path.$sid);
$_SESSION[$hash] = $path;

md5 is safe here as long as you don’t include the full path to the video from the root - the path from the videos folder on down should be sufficient. If there aren’t many videos that might just be a file name. Now, when giving the link you use the hash instead of the real name.

<video width="320" height="240" controls>
  <source src="index.php?video=<?= $hash ?>" type="video/mp4">
</video>

Your index page can now look up the video the user want’s from the session variable.

$path = $_SESSION[$_GET['video']];

The web server destroys the session variable when the browser is closed or when a certain amount of time has elapsed without a page load - by default 24 minutes. This can be changed in the PHP ini file.

This works because the session id is needed to build the hash. Even if they copy the URI, the path stops working when the session expires. If they start a new session they’ll get new URI’s. You will need to pass your videos through PHP using the streaming functions, but that’s another topic.

3 Likes

Wow, this is great!

Thanks for your reply.
How can I use that with my videos being stored in a cloud?

As long as they are on one VM you can follow it as written. Networking up multiple front end servers with a load balancer to share a single session store is far trickier. You can resort to database sessions in that event. These scaled solutions go outside my area of expertise.

Go to your channel, select My Videos, select Edit then under Broadcasting and Sharing Options check box of Privacy to not allow, then press Save Changes.

Go to your channel, select My Videos, select Edit then under
Broadcasting and Sharing Options check box of Privacy to not allow, then
press Save Changes.

Uhm, no. Read threads before replying please.

(I’m in a cantankerous mood tonight, sorry).

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.