I am trying to protect direct access to my mp3 files, if the malicious user knows the type url he www.dominio.com/temas/tema25.mp3
can play it and download it through his browser. After looking for information, the safest and most correct way I think is done with .htaccess
My tests have been carried out with this configuration that works correctly accessing the file externally but also blocks the user when trying to play it:
<Files *.mp3>
order deny,allow
allow from player.php
deny from all
</Files>
Is there another formula or method to prevent direct access to my .mp3 files?
There is no completely safe way to do it. However, the value that the browser sends in the HTTP Referer header can be used . In this way, you would only allow access to the MP3 if it is through a link on your page:
[F]
specifies that a403 Forbidden
.[R=404]
.RewriteRule \.mp3$ home.html [NC,R]
Some browsers, in some circumstances (especially mobile, and especially in multimedia tags like
<video>
), do not send the Referer and you have to force it by changing the policy with the referrer meta tag inside<head>
the page:If you wanted to add another layer of security to control access to files, it would be validating by user, for example managing sessions.