Open jenridunn opened 4 years ago
@jenridunn your first link is not working on my machine, responding http 400 code. Second one is working.
We need to distinguish between 2 different threats -
The first one can be solved quite easily by tokenization, e.g. secure link. The second one is harder, and I think the only solution that provides a fair level of protection is DRM.
put in nginx.conf limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1;
and limit_req zone=mylimit burst=1 nodelay;
in your vhost and no plugin will be able to download it ! ;) no aes - no drm ;)
no aes - no drm ;)
also - no CDN, no multiple users behind a single IP address, and no ability to reload the player :-)
also - no CDN, no multiple users behind a single IP address, and no ability to reload the player :-)
I can't limit per ip ..my video are public, what you mean for avod to reload the player?
I meant that if you implement your suggestion of rate limiting the requests so that a user can't download the same segment twice, if a legit user (=just trying to watch the video, not downloading it) has some temp network error or something, and tries to reload the player, it won't work.
Hello @erankor ! I hope you are well. I'm having quite a hard time to think how can I prevent that people who use the extension Video DownloadHelper, can download my VOD videos. I'm implementing AES encryption but it's not enough. I need to clear the key but so far I couldn't have found any tutorial to clear the key for HLS VOD videos. Here's my nginx.conf so far, is quite simple. I'm testing the location /tras/ , but as you can see I also have the location /content/ where I have secure links but still the browser extension is able somehow to download the videos. I think that the extension detects the m3u8 manifest and from there extracts the segments and no matter how well the url is protected the video is vulnerable, do you have any suggestions to protect my content against this browser extension? Maybe uri encryption might work, but so far I haven't had luck trying this, the conf in the second block returns a file without extension named as the encrypted url it's live now so you can try it if you want just click the second link. And somehow the first link works too despite the uri is not encrypted. So I think i'm doing something wrong but I don't what it is. Thank you @erankor !
Original Link: https://4466mr373txf6j.xyz/tras/VID1,144,360,540,720,k.mp4.urlset/playlist.m3u8
URI Encrypted Link: https://4466mr373txf6j.xyz/tras/suhj7TDbeV7m-Yl67Z4kOCHbThfU-ILNa12LzUHEQoQ9IJb7BZs3aQWeB_mS9qSNplL0faSiI11LB0hUBnz6fg
FIRST BLOCK
SECOND BLOCK