This forum has been moved here:
Helicon Tech Community Forum

  Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
HotlinkBlocker (Forum Locked Forum Locked)
 Helicon Tech : HotlinkBlocker
Subject Topic: REDIRECT protection help (Topic Closed Topic Closed)
Author
Message |
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 18 January 2007 at 8:09pm  

Trying to use Redirect protection on our videos (sounds like a good solution), but cannot seem to get the referer header to work. All of our videos ae embedded in a container window, but when I enter the domain (or IP address of the server) in the white list it still stops it from playing. An example of the container can be seen on our home page at:

http://www.athenaonline.com

Videos are on the bottom of the page. We are testing this on a staging server for the videos and website, but no matter what I enter in the white list (except *) it seems to block me. Maybe I am just entering the info wrong, but cannot find any good examples for this.

Can't use link protection because of our distributed server config.

Back to Top
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 18 January 2007 at 8:18pm  

Sorry, I am a newb at this. I assume that since we open a container window, which then opens the video on the HotLink protected server that the initial referer will always be the same (our container window). This is why Redirect should work while Referer will not, since the video is passed off to the client after the initial request...is that correct?

Back to Top
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 19 January 2007 at 5:50pm  

Bleh, I give up. We have tried everything we can think of on this, but the only way it works is when we turn it off. Link protection works, but we cannot use this because some of our customers have video servers and we also have some Linux ones that are remote. If ANYONE has some ideas please let us know...
Back to Top
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 19 January 2007 at 6:41pm  

Even more time and testing into this and still no luck. Only works if we use a blank referer field @^* but then people can also leech the videos for some reason - acts like there is no protection at all. Could be us, our site or the product but the redirect does not seem to work the way it is supposed to. I have had people researching it, but nothing we do has worked so far.

We are using two servers, one to serve the site and another for the videos, but I did not think you needed it installed on both, at least that's what another thread had. We have several video servers we are trying to build around this solution. I know it has only been a couple of days, but we are feeling pretty abused by the lack of documentation or help  on this. Yaroslav, where are you?

Back to Top
 
Yaroslav
Admin Group


Joined: 15 August 2002
Posts: 6520
Posted: 20 January 2007 at 4:07am  

Sorry for the delay.

First of all please show me your HotlinkBlocker configuration file that you are trying with REDIRECT protection.
Then please tell me are you using special Windows Streaming Media server or is it a ordinary .wmv files stored on the server. HotlinkBlocker does not support streaming media protection.
Next if you are using two servers, then you will need to whitelist your content server on the video server. Maybe there is an error in the whitelist pattern, so please show me configuration.

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top Visit Yaroslav's Homepage
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 20 January 2007 at 9:18am  

Hey Yaroslov,

Sorry, I got so cranky, just tired and was getting frustrated at our lack odf success. Not at the office now but can answer your questions.

This is a standard server (not streaming) running under W2K3 Web. Files are just WMV's for progressive download. We are whitelisting the content server on the video server. As I say I am not at the server now, but the config looks like:

Signature=6a75a904-19ce-43d1-a223-24e4edcf30bc
LinkExpires=3600
NotifyOrder=MEDIUM


[Protect]
REDIRECT    /0/*

[ReferersBlackList]
[ReferersWhiteList]
http://www.athenaonline.com/*
*athenaonline.com*
*74.93.9.203/*
[UserAgentsBlackList]
[UserAgentsWhiteList]

We have tried whitelisting everything we can think of. Seems like the only things that work are when we whitelist @^$, @^*, or just *. None of these protect the videos however and I can just go straight to the Properties tab, copy the URL and leech away.

We also wrote an asp page to verify the referer. The only thing I can think of at this point is that maybe I cannot have nested directories in what I am protecting? Maybe I need to create a rule for each directory with movies under the main one? Oh, one more thing. It seems that maybe it works with Flash movies (flv), just not WMV's. Have to do more testing to see if it is protecting tham at all, but they did run when the wmv ones would not.

If you want to give me your email address I can give you access to the test site, and even the server if you like.

Thanks Yaroslav.

Back to Top
 
Yaroslav
Admin Group


Joined: 15 August 2002
Posts: 6520
Posted: 22 January 2007 at 6:08am  

Please try to use regular expression patterns instead of wildcards, I always feel more comfortable with regex:

Code:

Signature=6a75a904-19ce-43d1-a223-24e4edcf30bc
LinkExpires=3600
NotifyOrder=MEDIUM

[Protect]
REDIRECT    @/0/.*

[ReferersBlackList]
[ReferersWhiteList]
@http\://(?:www\.)athenaonline\.com.*
[UserAgentsBlackList]
[UserAgentsWhiteList]


If it does not help can you please place some test page on the video.athenaonline.com site reffering to the media file? Also make sure you are using latest version of HotlinkBlocker and upgrade if needed. If it is a development site canyou please leave protection on for some time so I can analize effect?

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top Visit Yaroslav's Homepage
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 22 January 2007 at 1:51pm  

Hi Yaroslov,

So, very interesting. The embedded videos still do not work with WMV files, but they do with Flash. HLB does not seem to change the link on the embedded flash files (does not add the signature), but does on direct links which is why they play. I am guessing that HLB is trying to add the signature on the WMV embedded videos and cannot, so they never play. The direct link to a WMV works fine, just can't seem to embed it and have it play.

Not sure if this all makes sense?

Jon

Back to Top
 
Yaroslav
Admin Group


Joined: 15 August 2002
Posts: 6520
Posted: 23 January 2007 at 4:33am  

Are you now talking about LINK or REDIRECT protection? In REDIRECT mode HTB does not sign links in code, it redirects to the signed link. Again, is it possible to see the problem in action? Can you set up some test page with test video?

I have a guess about the nature of the problem. If, in embedded mode, browser does not send request to the server and gives connection directly to the media player, even before knowing of a response Content-Type. And media player does not send referrer information, so REDIRECT protection cannot work with it.
The only solution here is to use a LINK protection, no other protection solutions can solve this issue.
Another solution is not to use embedded Windows Media object.

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top Visit Yaroslav's Homepage
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 23 January 2007 at 8:26am  

I would like to have you sign into the site to recreate exactly what we are doing. There are links set there for you to see Is there an email address where I can send you login information? If not I can try to recreate it outside of the site, it will just take us a bit more coding for us to do that.

Thanks

Back to Top
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 23 January 2007 at 8:32am  

Oh, and we are using REDIRECT protection. We cannot use LINK because some of our customers are using their own video servers inside of their firewalls ad we would not be able to install HLB on those servers, only our public ones. We are trying to protect the videos on our public servers. as much as possible.

The link I see when I click directly on a video has the signature appended to the front of the file name. When I view the source of the video (or what it is trying to play) in the browser, there is no signature apended to the front of the file name.

We have to use the video as embedded because there is a lot of functionality that we add to the video (plus tracking and reporting) from within the containers.

Back to Top
 
Yaroslav
Admin Group


Joined: 15 August 2002
Posts: 6520
Posted: 23 January 2007 at 8:53am  

You can send login information to the support e-mail: [email protected]

Let me explain how REDIRECT protection work for you. In ordinary REFERER protection HotlinkBlocker expect referer header to be present in the media request and reject all illegal values. Browsers usually send referer header for the most content, but media files are served by a third party applications and not by a browser directly. These applications does not send referer information to the server. REDIRECT protection is based on a fact that browser does not aware of the content-type of some resource before it makes a request to the server. If you have a link to the media file first request is always made by a browser itself and thus will contain referer information. But after browser recognizes content-type as a media file it starts third party application and transfers link to it. On this stage referrer is lost. HotlinkBlocker redirects first browser request that contain initial referer to the signed link, so after refferer will be lost the link is still valid because of signature.
Now what is happening with your content. You are using embedded <OBJECT> tag to include video. In this case browser does not know anything about content request and just start this third-party application. There is no first request and no referrer header to analize.
The only solution in your situation is to use LINK protection, so links will be signed permanently. You may try to identify clients with their own media servers and does not sign links sent to these clients. If you don't include signature template into the link it will not be signed.

__________________
Yaroslav Govorunov,
Helicon Tech
Back to Top Visit Yaroslav's Homepage
 
jvpeters
Newbie


Joined: 18 January 2007
Posts: 12
Posted: 23 January 2007 at 4:41pm  

Thank you Yaroslov for the explanation. We thought in reading the documentation that REDIRECT was the way to go with embedded WMV files. Given that LINK is the only way to handle those we will need to rewrite our player application a bit it seems.

I am sending you an email with login information to the servers and some questions on licensing.

Thanks again.

Back to Top
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version Printable version
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum