Preventing Real Player .flv download
OK, I just recently ran into this problem and had a real tough time tracking down the right information online. We use lighttp or (lighty) and mod_flv_streaming to do Flash Video Streaming for clients. One client had the latest version of Real Player installed on their system and when they viewed their videos in the browser Real Player gave them a little button to download the video for watching offline from their hard-drive. Of course the client didn’t want their website visitors to be able to download the videos - just watch them in the browser. Rather than splitting hairs and explaining the intricacies of how the internet works, what encryption is and the pro’s and con’s of DRM, I just started looking for a simple solution to answer their specific problem. It turns out that RealPlayer is not particularly tricky or deceitful when it comes to leeching .flv video files. Their downloader actually identifies itself in the UserAgent field of the request it sends to the server! So, it’s easy enough to write a simple rule in the HTTP server that checks for the useragent and doesn’t serve .flv files to the RealPlayer client.
In the lighty config file it looks like this:
`
$HTTP[“url”] =~ “^/videodirectoryname/” {
$HTTP["useragent"] =~ "/.*RealMedia.*" {
url.access-deny = ( ".flv" )
}
}
`
So that’s it, we didn’t have to encrypt the video files and decrypt them in a custom flash player, and we didn’t have to buy Adobe Flash Media Server or mess with getting Red 5 to work. Just check for the useragent, and all of a sudden RealPlayer doesn’t prompt the visitor to download the file anymore. And if they right click on the video and try to download it, it just gives the user an error. A smart leecher could still easily spoof the UA, but Real Player doesn’t, so… brilliant!