Amazon S3 Video Help Please :-)

by 58 replies
59
Hi,

I am asking if somebody can help with Amazon S3 video hosting/streaming.

I know how to host and play the videos, but the videos I will be hosting in a members area will be paid for videos. Therefore how can I stop people from hot linking to the source of the video (Amazon S3 video bucket) and posting it online.

I tried an old PHP redirect script and placed it in the bucket but it didn't work, the video would not play.

So my question is, is there a way to stop people from hot linking to the videos with some kind of script or similar, when using Amazon S3 video?

I would appreciate any advice, and help.

Thanks,

Steven
#programming #amazon #hotlinking with amazon s3 #video

  • What video player are you using, as some allow you to mask the video url, some also use secure streaming, like this for example.

    Configure Streaming Security Settings | Wowza Support
    • [1] reply
    • Hi Alex, thanks for the reply.

      I am trying Video JS at the moment, which is a freeware video player. But I just cannot see anyway to stop the hotlinking. I looked at the link you provided, but all I could see was that if you host the video files with them they have security, but that would defeat the option of using Amazon s3?

      What free, or cheap video players have security built in to stop hotlinking that I can use with S3?

      Thanks.
      • [2] replies
  • You need to create a bucket policy to restrict access only to your website (domain/IP) and make sure the ACL is not public.

    Much EASIER to use Cloudberry Explorer for this.

    If your on a Mac you can still use it if your running something like Parallels or VMware Fusion.

    Here's an example policy:

    Code:
    {
  "Id": "Policy1234",
  "Statement": [
    {
      "Sid": "SBP123",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::THEBUCKETNAME/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "http://YOUR-WEBSITE.com/*",
            "http://www.YOUR-WEBSITE.com/*",
            "http://YOUR-WEBSITE-IP-ADDRESS/*"
          ]
        }
      },
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
    Also, technically your not "streaming" if it's coming from a bucket.
    You can live stream from Cloudfront though.

    You'd also be better off to use a quality plugin which makes all this very easy.
    The RTMP Player Plugin (although ugly) works extremely well and is the most affordable S3 and cloudfront premium plugin.
    • [ 1 ] Thanks
    • [1] reply
    • I have three questions that I'm hoping you can help me with, please.

      1) If I want my S3 videos and other S3 links to work on my sites ONLY then what do you add to the bucket policy below that I put in ?

      2) I have tried about 4 or 5 different bucket policies and some worked in preventing my videos from being played on any site but my own, but the videos wouldn't play on mobile devices like Android and iPads. Is there something I can add to a bucket policy so the videos will play on mobile devices?

      3) My site is SSL. The primary site for the cpanel is MySite.com and MySite.com/xx and MySite.com/xxxx are in two different folders/directories in the same cpanel. Since it's SSL and since they are in the same cpanel, do I need to add ALL of the url's as shown below to the bucket policy, or just the several iterations of MySite.com? (I tried adding all of the url's like below but when I tried to save the bucket policy Amazon said: "Policy could not be parsed as a valid JSON string"

      "https://www.MySite.com/*",
      "https://www.MySite.com/xx/*",
      "https://www.MySite.com/xxxx/*",
      "http://www.MySite.com/*",
      "http://www.MySite.com/ic/*",
      "http://www.MySite.com/xxxx/*",
      "https://MySite.com/*",
      "https://MySite.com/xx/*",
      "https://MySite.com/insidersclub/*",
      "http://MySite.com/*",
      "http://MySite/xx/*",
      "http://MySite.com/xxxx/*"

      Thanks



  • Have a Idea Domain to share
    .SG Domain COUPON CODE Share Out, only SGD7.99
    COUPON CODE: 2016_HongBao_Promo

    Visit Us: Buy .SG/COM.SG - Singapore Domain Name - Exabytes.SG
  • magentawave, you might want to read this AWS3 article. Some decent information.

    You should really consider running these through cloudfront and just use the buckets for storage and fallback.

    Amazon also has a bucket policy generator which should help you fine-tune it to your needs. Definitely read the help/dev docs.
    • [ 1 ] Thanks
    • [1] reply
    • I tried about 5 different bucket policies and none of them prevent people from viewing the source code and then downloading and hot linking my S3 URL's. After much research, I found out that S3 Media Vault and EasyVideoSuite can do this.

      That article on how to set up Cloudfront is excellent. Thank you!

      I have a couple questions about Cloudfront, please.

      1) Does it cost more to stream from Cloudfront than it does from the S3 bucket?

      2) Is there any downside to using Cloudfront?

      3) It said this at the article you gave me the link to:


      Does that mean that using Cloudfront will prevent people from viewing the source code and then using my S3 links to either download my stuff or hot link to it?

      4) Does using Cloudfront actually change the words, characters, etc. in the S3 URL's?

      Thanks



      • [1] reply
  • I'm seeing articles and videos about masking your S3 links by creating a cname, etc. Does masking S3 URL's protect the URL's from being copied and played on someone else's site and also from being downloaded? Or does it merely mask them so hopefully people doing a view source code of the page the S3 links are on won't know they are S3 links?
    • [1] reply
    • It simply masks or changes the url to look like your site, there's no protection.
      Viewing source code should really not be a concern, you can't prevent that.
      What happens when they try to use the link is what you can control.
      • [1] reply
  • It said "S3" and "bucket-name" in that code so I assumed it was an S3 bucket policy. I have seen the page you referred me to and tried some of the bucket policies there but best case scenario people can view the videos on my site only and they can't download anything, but nothing plays from my site on iOS and Android.

    The video uses JW Player on Optimizepress 2. I haven't added any IAM users and I don't have any bucket policies.

    I tried the bucket policy below from the page you suggested that is for restricting access to a specific http referrer and I got this error message after clicking save: "Policy could not be parsed as a valid JSON string"

    Code:
    {
  "Version":"2012-10-17",
  "Id":"https://www.MySite.com/",
  "Statement":[
    {
      "Sid":"Allow get requests originating from www.MySite.com/.”,
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::my-launch-content/*”,
      "Condition":{
        "StringLike":{"aws:Referer":["https://www.MySite.com/*","https://MySite.com/*"]}
      }
    }
  ]
}
    By the way, I tried it with http and https and get the same error when I try to save it.
    • [1] reply
    • This validates, I tested it.

      HTML Code:
      {
    "Version": "2012-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests originating from www.mysite.com and mysite.com.",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-launch-content/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://www.mysite.com/*",
                        "http://mysite.com/*"
                    ]
                }
            }
        }
    ]
}
  • And to reiterate the permissions...

    PERMISSIONS FOR BUCKET: (All are checked)
    Grantee: me - Open/Download - View Permissions - Edit Permissions


    PERMISSIONS FOR INDIVIDUAL FILE:
    Same
  • And here is an actual policy on one of my buckets..
    I changed the domain name and bucket name. Everything else is accurate.

    You see multiple domains since it includes the cnames (assets, media) as well as a cloudfront cname.

    This has been Updated..

    HTML Code:
    {
    "Version": "2012-10-17",
    "Id": "http referer wpcodeking policy",
    "Statement": [
        {
            "Sid": "Allow get requests referred by www.mywebsite.com and mywebsite.com",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucketname/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "http://www.mywebsite.com/*",
                        "http://mywebsite.com/*"
                    ]
                }
            }
        }
    ]
}
    • [ 1 ] Thanks
    • [1] reply
    • Thanks. I got that bucket policy to save without an error and the video only plays on my site, which is what I want, but it won't play from my site on iOS and Android. Any suggestions?
      • [1] reply
  • I told you before that Optimizepress is using the JWPlayer but I just realized it is Flowplayer. Sorry about that. (but your link to the JWPlayer forum inspired me to start a thread at the Flowplayer forum.)

    I'm not sure this is relevant to the videos not playing from my site on iOS and Android, but while the page is still loading on my laptop, you can briefly see that it says this before the video player turns into a solid grey rectangle: Again, that is when the page loads on my laptop because I don't see that when it loads on iOS and Android.

    Is there something I should change in the CORS Configuration Editor that would make the videos still work on iOS and Android?

    Code:
    <CORSConfiguration>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>
  • By the way, I also tried using the exact same bucket policy you pasted above and with the permissions like this...





    ...the video does play on iOS and Android from my site, but the video also plays on a site that isn't on the "allow" list of sites in the bucket policy.

    Is there some shortcode I could add to the page in Optimizepress that would enable those videos to play on iOS and Android?


    Bottom line: both bucket policies do absolutely nothing to restrict the video from playing on other sites.
    • [1] reply
    • I suspect the no mobile playing has to do with the videos and the content-type.

      I'll create a step by step video for you and anyone else who wants to protect assets on their site.
      Should be able to do it within a day or so.
      • [1] reply
  • I will PM you a link to a test page on my site that has a video and pdf.

    I'm not using Cloudfront at all yet. You're right that S3 Media Vault does not work with Cloudfront which is why I might have to bail on using Cloudfront.

    The videos are for a series of launch videos that sell memberships to another site (Very similar to a typical Jeff Walker style launch). I don't care much that my launch videos are protected (although I would protect them if I could). What I'm concerned about is protecting all the videos and pdf's on the membership site. DAP will protect my stuff from non-members but once a member logs in then they could take my stuff. It's unlikely but ever since a piece of SH*T literally copied my entire site a couple years ago I am a bit paranoid about that happening again. As soon as I figure out how to protect everything with bucket policies, permissions or S3 Media Vault, then I will work like a madman to update the first couple weeks of the membership site content and then I'll start the internal launch to my list. Once the launch starts then I will return to updating the membership site until I'm done. I just don't want to start the launch to my list until I know absolutely for sure how I'm going to protect my stuff.

    By the way, if S3 Media Vault is supposed to prevent my videos from being played on other sites as well as protect everything from being downloaded, then what's the point of having expiring links?
    • [1] reply
    • Expiring links are useful. Allows the validity of the link to stop after a certain time. Not magical, but cuts down on some b.s.
  • As promised I've created a video tutorial for this on my blog.
    Also there's a pdf version and sample bucket policy you can download.


    How To Setup Amazon S3 With WordPress To Protect Your Videos, PDF's, and Zips
    • [ 1 ] Thanks
  • Thanks David, that looks great! I brought this up before but it was never resolved because I forgot about it when I reverted to using Amazons 2008 bucket policy...

    How come when I use the same bucket policy you used (and obviously after adding my stuff to it) I get an error message that says after I click the Save button? I looked online to find out what that is supposed to mean and couldn't find anything or didn't know what they were talking about.

    Thanks

    EDIT: I went back to the older 2008-10-17 and it accepts that one.
    • [1] reply
    • Are your referring to the updated one in the tutorial?
      If so, I'll check/test it, fix it, and update it.

      Update: I checked the one in the tutorials and it works fine, so you must be talking about an earlier one.

      Also, something I failed to mention in the video. I tested the videos in various browsers, my ipad, and an android, and they played fine.
      • [1] reply
  • Hey David, THANK YOU so much for taking the time to put together that tutorial! It's almost too good to be true but it worked! My videos only play on my site. They play on iOS and Android. They won't play on any site buy my own and you can't download them. YAY!!! This is HUGE because you have no idea how much I have scoured the internet for the last two weeks trying a million different things with none of them working the way I needed! YOU are a man of your word too! Seriously. This is such a relief because now I can focus starting tomorrow morning on updating the content on my membership site so I'm a couple weeks ahead of my (soon to be) members and then finally do the internal launch to my list. THANK YOU!

    Just a couple quick questions whenever you get the chance.

    1) Do you think this will work with Cloudfront?

    2) If I was to stick with S3 for now, how much of a hassle would it be to turn on Cloudfront a little later? Would turning on Cloudfront later mean that I'd have to go in and make changes to all the individual videos or could it be changed in the Flowplayer global settings?

    3) And to confirm: You said do NOT use Server Side Encryption (AES-256) for any content that my members will be able to download. Correct?


    P.S. I tried to leave a comment at your blog but got an error message after I click the "submit" button. https://www.evernote.com/l/Ag4-XRLkH...M6R1J9acSN26QA
    • [ 1 ] Thanks
    • [1] reply

    • Your welcome.

      1) With a few modifications

      2) You could create a CF distribution later. As far as that plugin... I can't say for sure without testing. I use my own custom plugin.
      And YES, you would have to change all the urls.
      They would be different. Something like "adfasd987f8.cloudfront" or add a cname and use your own url like "assets.mysite.com"

      3) Yes, correct. I tested it several times and the way I have it setup in the example, I'm using the "Download Monitor" plugin. When entering an S3 url in the field, it downloads it properly but it's still encrypted.
      There are other ways around that, but a little more complex.

      P.S. Sorry about that. I'll take a look and see what's happening.
      • [ 1 ] Thanks
  • magentawave, the comment form has been fixed.

    Appreciate you pointing that out!
    • [ 1 ] Thanks
  • David,

    1) Do mp3's audio files work across all platforms or should I offer another version in the same way that I'm offering both mp4 and webm for the videos?

    2) Should I click the "auto buffering" button in the video player settings with S3 and/or Cloudfront?

    3) Have you figured out how to do everything you did in your video when using Optimizepress? I'm asking because the video element in OP doesn't have an "Amazon Protected Content" box like the Flowplayer plugin does.

    Thanks
    • [1] reply
    • 1) As far as I know... you should be ok with the mp3. I've never used only audio, so I can't say for sure.

      2) Optional. If you activate auto buffering the video will download and be ready to go. Many people select false, since there's no need to load the video unless someone clicks play. Activating this will also increase the bandwidth from amazon since it will download/buffer whether someone plays it or not.

      3) I wouldn't use the built in video element in OP. You must have an authenticated connection with the S3 media.
      • [1] reply
  • When I use S3 Fox to upload files to the bucket it adds its own stuff to that files Metadata. You can see it here: https://www.evernote.com/l/Ag55KhKgT...Z-KXG_t2bPgKQA Is there any reason for me to keep that extra stuff or can I delete it?
    • [1] reply
    • You can get rid of it.
      I would imagine they use the filesize and modification time for reference inside s3fox.
      It won't hurt anything even if you leave it.
  • Hey David, thanks again for all of your help before with protecting my S3 links. I was wondering if you knew how to increase the default expiration time that S3 puts on the links?
  • I am Using Jwplayer in WordPress websites for .m3u8 stream file but this player is not working, i am using this on

    <embed type="application/x-shockwave-flash" src="http://www.listenfmradios.com/SWFPlayer.swf" width="303" height="20" id="mpl" name="mpl" quality="high" allowscriptaccess="always" allowfullscreen="false" flashvars="autostart=true&amp;duration=99999&amp;f ile=http://yayin34.canlitvlive.com/trt1/live.m3u8">
    Ecouter Radio En Direct and Ecouter Radio En Direct
    if some one have any idea about this them please share with me.??
    • [1] reply
    • Sorry but I don't know about that. I'm having problems right now with FV Player plugin not centering videos on pages built with Optimizepress.
Join the discussion

Next Topics on Trending Feed