I'm trying to restrict access to MP3s to users only (I'm using WordPress).

I have my .htaccess set up to redirect back to the homepage unless you click it - to prevent people just typing in the URL.

But when a registered user does click it the MP3 doesn't stream (in Safari) and when you try to 'download linked file' you get an HTML file, not the MP3.

So basically at the moment no one can download them.

Here's my .htaccess code:

IndexIgnore *
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wizzfx\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(mp3) [NC]
RewriteRule .*\.(mp3)$ http://www.wizzfx.com/ [NC]

I'll also probably want to include other files than just MP3s at some point too.

A: 

The trouble is your technique, as you say, is quite restrictive, yet it's not really that secure (it's easy to spoof the referer header).

A better solution, but again not entirely secure, would be to simply use obscure file naming (making it hard to merely 'guess' the URL), but not setting limits on where and how a user can listen to the file.

If you want absolute security, you'd need a plugin that allowed you to upload media, within your WordPress admin, to a directory outside the web root.

Users would then log in to view the uploaded media, but would have to download and save the files in order to use them.

The downloading process would be made using a simple PHP file downloader script, in order to present files outside the web root.

TheDeadMedic
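
A sketch of the kind of downloader script the answer describes, added here as an example (it is not code from the answer or from any plugin). It assumes the script is saved as `download.php` in the WordPress root, that media lives in a hypothetical `protected-media` directory one level above the web root, and that the file is requested through a `file` query parameter.

```php
<?php
// download.php - added example; assumed to sit next to wp-load.php in the WordPress root.
require __DIR__ . '/wp-load.php';   // boots WordPress so the login cookie can be validated

// Assumption: protected files are stored outside the web root, in this directory.
const MEDIA_DIR = __DIR__ . '/../protected-media';

// Extension allow-list mapped to Content-Type; extend it for other file types.
$types = ['mp3' => 'audio/mpeg', 'pdf' => 'application/pdf'];

// Access depends on the WordPress session, not on the Referer header.
if (!is_user_logged_in()) {
    auth_redirect();                // redirects to the login page and exits
}

// Accept a plain file name only: no directories, no unusual characters.
$raw  = $_GET['file'] ?? '';
$name = is_string($raw) ? basename(wp_unslash($raw)) : '';
$ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
if (!preg_match('/^[A-Za-z0-9._ -]+$/', $name) || !isset($types[$ext])) {
    wp_die('File type not allowed.', 'Forbidden', ['response' => 403]);
}

// Resolve symlinks and confirm the target is still inside MEDIA_DIR.
$base = realpath(MEDIA_DIR);
$path = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $name);
if ($path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)) {
    wp_die('File not found.', 'Not Found', ['response' => 404]);
}

nocache_headers();                  // keep shared caches from storing the file
header('Content-Type: ' . $types[$ext]);
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $name . '"');
header('X-Content-Type-Options: nosniff');

// Drop any output buffers so stray output cannot corrupt the download.
while (ob_get_level() > 0) {
    ob_end_clean();
}
readfile($path);
exit;
```

Links in posts would then point at `download.php?file=track.mp3` rather than at the MP3 itself, so there is no direct URL to type in or hotlink.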