
I hide the HLS URL using PHP to output files but it doesn't work


This is my original URL: http://xxx.xxx.xxx.xxx/01/MV01/index.m3u8 For security reasons I moved all HLS files outside the document root of the web site (/var/www/html), i.e. I moved them to /var/www/video/01/MV01/index.m3u8, including all .ts files in the same folder.

And then I created a .htaccess in the document root:

.htaccess:

RewriteEngine on
RewriteCond %{REQUEST_URI} .*ts$|.*m3u8$ [NC]
RewriteRule ^(.*) auth.php?file=$1 [NC,L]

This will redirect all requests and have the files output by PHP.

auth.php:
<?php
//
// Some code to check authorization first.
//
$reqpath = strip_tags($_GET['file']);
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache,must-revalidate");
header("Cache-Control: post-check=0, pre-check=0",false);
header("Pragma: no-cache");
header('Content-type:application/force-download');
if (strpos($_GET['file'],".ts")>1) header("Content-type: video/MP2T");
if (strpos($_GET['file'],".m3u8")>1) header("Content-type: application/x-mpegURL");
@readfile("/var/www/video/".$reqpath);
//
//

My goal is that when a user accesses http://xxx.xxx.xxx.xxx/01/MV01/index.m3u8 he can still play the video.

The result is: it works well on iOS and Android but cannot play on PC, including in jwplayer and VLC.

I'm using jwplayer ver. 6 and I have used 'type' = 'hls'. It always shows buffering. I guess it gets the m3u8 document and starts loading .ts files already.

The error message on VLC is "main input error: no suitable demux module for 'http://xxx.xxx.xxx.xxx/01/MV01/index.m3u8'"

**I use the HLS sample files downloaded from apple.com, so I think the .m3u8 and .ts files are not the problem.

Help! Thanks.

3 Community Answers

Ethan Feldman

JW Player Support Agent  
0 rated :

Do you have a link?

bunongzu

User  
0 rated :

I have solved it finally.

Why can it only play on iOS and Android but not on PC? I guessed the problem was in the output from PHP, so I tried changing the HTTP headers and then I found the answer.

Just add one more header:
header('Content-Length: ' . filesize("/var/www/video/".$reqpath));

All of the headers here:
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache,must-revalidate");
header("Cache-Control: post-check=0, pre-check=0",false);
header("Pragma: no-cache");
header('Content-type:application/force-download');
header('Content-Disposition: attachment; filename='.basename($reqpath));
header('Content-Length: ' . filesize("/var/www/video/".$reqpath));
header('Content-Type: '.mime_content_type("/var/www/video/".$reqpath));

Then I can protect all the content and check user login first.
Be careful to prevent this auth.php?file=../../../etc/passwd in the php.

Hope this helps someone.
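
One way to do the check the answer above warns about, as an added example that is not code from either poster: resolve the requested name with realpath() and serve it only if the result is still inside the video directory and is an HLS playlist or segment. The helper name resolve_hls_path and the constant VIDEO_ROOT are assumptions made for the example; /var/www/video is the directory from the question.

```php
<?php
// Added example (not code from the thread). VIDEO_ROOT is the directory named
// in the question; resolve_hls_path() is a hypothetical helper name.
const VIDEO_ROOT = '/var/www/video';

// Map the rewritten ?file= value to a real file under $root, or return null.
function resolve_hls_path(string $root, string $requested): ?string
{
    // A NUL byte never belongs in a path; reject it before touching the disk.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the
    // target does not exist.
    $base = realpath($root);
    $full = realpath($root . '/' . $requested);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // The resolved path must still sit inside the video root. The trailing
    // separator stops /var/www/video-private from matching /var/www/video.
    // Constructed request: ?file=../../../etc/passwd resolves to /etc/passwd
    // and is rejected here.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Check the extension on the resolved file, not on the raw request.
    $ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
    return in_array($ext, ['m3u8', 'ts'], true) ? $full : null;
}

// Usage in auth.php, after the authorization check has passed:
$path = resolve_hls_path(VIDEO_ROOT, $_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit;
}
$types = ['m3u8' => 'application/x-mpegURL', 'ts' => 'video/MP2T'];
header('Content-Type: ' . $types[strtolower(pathinfo($path, PATHINFO_EXTENSION))]);
header('Content-Length: ' . filesize($path));
readfile($path);
```

Answering every rejected request with the same 404 avoids telling the client whether a file outside the video root exists.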

Ethan Feldman

JW Player Support Agent  
0 rated :

Glad you got it, thanks for sharing.
