locked
HttpHandler Referer URL RRS feed

  • Question

  • User482119511 posted

    Hi,

     I have written (more like copy pasted from another site, and then modified a bit) a FLV handler.  I set up the web.config file correctly and as far as I can tell the handler is working just fine.  The question I have is, how can I filter which URLs are allowed to "use" the handler.  What I mean is the following scenario.  I have an embedded flash object on an HTML page that streams Flash videos from my server (separate from the HTML page).

     

    <object 
    	  classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" 
    	  codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0 width='336' height='297'">    
    	  <param name="movie" value="http://12.25.61.22/vd/FLVScrubber.swf?file=http://12.25.61.22/vd/Lake.flv&bufferTime=3&autoStart=false" />    
    	  <param name="quality" value="high" />    
    	  <embed src="http://12.25.61.22/vd/FLVScrubber.swf?file=http://12.25.61.22/vd/Lake.flv&bufferTime=3&autoStart=false" 
    	  	quality="high" 
    	    pluginspage="http://www.macromedia.com/go/getflashplayer" 
    	    type="application/x-shockwave-flash" 
    	    width="336" 
    	    height="297"></embed>  
    	</object>

     As it is now, you can just copy and paste this code to any other html page and it will work fine.  How can I limit which URLs are allowed to do that?  Is it even possible?  What I'm trying to do is prevent people from simply copying this code and pasting it somewhere else, it has to only work on sites that I gave the permission to.  I DO NOT want to use a query string parameter (as I have heard suggested before) as that doesn't really give me much security either.

    Any help would be greatly appreciated.

    Thanks,

    M.
     

    Tuesday, August 14, 2007 12:13 PM

Answers

  • User482119511 posted
    that seemed to have been the problem - the request was coming from SWF on my own server;  When I wrote an swf handler instead of flv and embedded my FLV in swf file it works just the way I want it
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 14, 2007 2:35 PM

All replies

  • User-1091210821 posted

    Simple answer is no,

    people will be able to copy and paste.

    Tuesday, August 14, 2007 12:17 PM
  • User482119511 posted
    I know it's possible to write an HTTPHandler that will prevent images from being leeched.  It relies on checking the Request.ReferrerUrl etc.  Do you have any idea why in my case, when embedding the object like I mentioned above, the ReferrerUrl is Null?  Does it have anything to do with the fact that the SWF player is on my server as well and the referrer is actually my own server?  if so, is there a way to detect the page the flash object is embedded on?
    Tuesday, August 14, 2007 1:20 PM
  • User482119511 posted
    that seemed to have been the problem - the request was coming from SWF on my own server;  When I wrote an swf handler instead of flv and embedded my FLV in swf file it works just the way I want it
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 14, 2007 2:35 PM
  • User-1091210821 posted

    The referrer is your own server

    Tuesday, August 14, 2007 3:14 PM
  • User-1091210821 posted

    Just to let you know this the forum where you already asked the same question

    http://forums.asp.net/t/1145594.aspx

    But sorry if this is not the answer you are looking for.

    Wednesday, August 15, 2007 2:50 PM