Posted: 18 January 2007 at 8:09pm | IP Logged

Trying to use Redirect protection on our videos (sounds like a good solution), but cannot seem to get the referer header to work. All of our videos ae embedded in a container window, but when I enter the domain (or IP address of the server) in the white list it still stops it from playing. An example of the container can be seen on our home page at:

http://www.athenaonline.com

Videos are on the bottom of the page. We are testing this on a staging server for the videos and website, but no matter what I enter in the white list (except *) it seems to block me. Maybe I am just entering the info wrong, but cannot find any good examples for this.

Can't use link protection because of our distributed server config.

Posted: 18 January 2007 at 8:18pm | IP Logged

Sorry, I am a newb at this. I assume that since we open a container window, which then opens the video on the HotLink protected server that the initial referer will always be the same (our container window). This is why Redirect should work while Referer will not, since the video is passed off to the client after the initial request...is that correct?

Posted: 19 January 2007 at 6:41pm | IP Logged

Even more time and testing into this and still no luck. Only works if we use a blank referer field @^* but then people can also leech the videos for some reason - acts like there is no protection at all. Could be us, our site or the product but the redirect does not seem to work the way it is supposed to. I have had people researching it, but nothing we do has worked so far.

We are using two servers, one to serve the site and another for the videos, but I did not think you needed it installed on both, at least that's what another thread had. We have several video servers we are trying to build around this solution. I know it has only been a couple of days, but we are feeling pretty abused by the lack of documentation or help  on this. Yaroslav, where are you?

Posted: 20 January 2007 at 9:18am | IP Logged

Hey Yaroslov,

Sorry, I got so cranky, just tired and was getting frustrated at our lack odf success. Not at the office now but can answer your questions.

This is a standard server (not streaming) running under W2K3 Web. Files are just WMV's for progressive download. We are whitelisting the content server on the video server. As I say I am not at the server now, but the config looks like:

Signature=6a75a904-19ce-43d1-a223-24e4edcf30bc
LinkExpires=3600
NotifyOrder=MEDIUM


[Protect]
REDIRECT    /0/*

[ReferersBlackList]
[ReferersWhiteList]
http://www.athenaonline.com/*
*athenaonline.com*
*74.93.9.203/*
[UserAgentsBlackList]
[UserAgentsWhiteList]

We have tried whitelisting everything we can think of. Seems like the only things that work are when we whitelist @^$, @^*, or just *. None of these protect the videos however and I can just go straight to the Properties tab, copy the URL and leech away.

We also wrote an asp page to verify the referer. The only thing I can think of at this point is that maybe I cannot have nested directories in what I am protecting? Maybe I need to create a rule for each directory with movies under the main one? Oh, one more thing. It seems that maybe it works with Flash movies (flv), just not WMV's. Have to do more testing to see if it is protecting tham at all, but they did run when the wmv ones would not.

If you want to give me your email address I can give you access to the test site, and even the server if you like.

Thanks Yaroslav.

Posted: 22 January 2007 at 1:51pm | IP Logged

Hi Yaroslov,

So, very interesting. The embedded videos still do not work with WMV files, but they do with Flash. HLB does not seem to change the link on the embedded flash files (does not add the signature), but does on direct links which is why they play. I am guessing that HLB is trying to add the signature on the WMV embedded videos and cannot, so they never play. The direct link to a WMV works fine, just can't seem to embed it and have it play.

Not sure if this all makes sense?

Jon

Posted: 23 January 2007 at 8:26am | IP Logged

I would like to have you sign into the site to recreate exactly what we are doing. There are links set there for you to see Is there an email address where I can send you login information? If not I can try to recreate it outside of the site, it will just take us a bit more coding for us to do that.

Thanks

Posted: 23 January 2007 at 8:32am | IP Logged

Oh, and we are using REDIRECT protection. We cannot use LINK because some of our customers are using their own video servers inside of their firewalls ad we would not be able to install HLB on those servers, only our public ones. We are trying to protect the videos on our public servers. as much as possible.

The link I see when I click directly on a video has the signature appended to the front of the file name. When I view the source of the video (or what it is trying to play) in the browser, there is no signature apended to the front of the file name.

We have to use the video as embedded because there is a lot of functionality that we add to the video (plus tracking and reporting) from within the containers.

Posted: 23 January 2007 at 4:41pm | IP Logged

Thank you Yaroslov for the explanation. We thought in reading the documentation that REDIRECT was the way to go with embedded WMV files. Given that LINK is the only way to handle those we will need to rewrite our player application a bit it seems.

I am sending you an email with login information to the servers and some questions on licensing.

Thanks again.