Community Support Forums

Does s2Member's Download Protection allow linking to files stores off-site (e.g. Amazon S3)? I have video files (rather large and cost prohibitive to host) that I keep in an S3 bucket, and I'd like to protect access to their download links from Wordpress. Is that possible?

s2Member doesn't manage that, but the files can obviously be used in pages/posts protected by s2Member.

Maybe this plugin will help you http://wordpress.org/extend/plugins/ama ... generator/ I haven't tried it, though. If you do, let me know if it solved your problem, please.

Hotlinking? S3 ---Add Policy----

Restricting Access to Specific HTTP Referer

Code: Select all

{
  "Version":"2008-10-17",
  "Id":"http referer policy example",
  "Statement":[
    {
      "Sid":"Allow get requests referred by www.mysite.com and mysite.com",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::example-bucket/*",
      "Condition":{
        "StringLike":{
          "aws:Referer":[
            " http://www.mysite.com/*",
            " http://mysite.com/*"
          ]
        }
      }
    }
  ]
}

Access?
Try using S3Fox (firefox) Config

Once you have your buckets right click and go to (Manage Distributions) and add a CNAMS
Meaning..instead of you showing Amazon URL...Example: http://bucketname.s3.amazonaws.com/ it would be http://subdomain.yoursite.com

This way they do not know where the media is coming from.

Jason is working on the S3 and hopefully will be available in his next Major Release of S2M

There is a Wordpress plug in that is available that can take care all of the above but it comes with a $100 price tag ...but i heard it's pretty good:

http://s3flowshield.com/

There is CloudBerry S3 Explorer PRO that comes with some handy tools...

Or ..if money is not in question..use Amazon CloudFront/rtmpe/Flowplayer or JW Player

Thanks guys! That's exactly what I needed. I'm going to go ahead and stick with the Bucket Policy to restrict access to my domain (to preserve future compatibility with anything Jason comes out with). Having S3 support built into s2Member would make my year!!

Thanks, drbyte! I didn't know that, am not that familiar with S3 configuration yet.

Would Specific HTTP Referer prevent someone from entering the URL in his browser's address bar? Would Amazon S3 still not serve the file? Sounds like it would behave like that, but I thought I'd ask to make sure.

you welcome Cristian

Well it all depends what browser you use...Firefox tends to ignore the referer and server the files if it has been directly injected to the browser address. Now, if you same file was to be served from another site...a decline request will appear.

an example:

<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>015E0BC755D867ED</RequestId><HostId>bvVPjJe3wfDa89TzgF5RPR08LMu4xEnuOEA+2V9NV/wIbIRDtnyr8MIoRt4Zvnfv</HostId></Error>

My 2 cents about serving videos online

If you are going to serve videos and need total protection then the above is not for you...people will find ways to capture and download them.

I fond that Wowza is the best along with JW player secure Token implementation

Adobe Flash Media servers is excellent product and very fast...but even with rtmpe protocol, the player is not validated and the file can be downloaded.

Now, both requires it's own Box.....and the min cost would be around $200 for storage and bandwidth

Amazon Cloudfront/S3 can be very costly too....They use Flash Media servers and the security they provide is very limited, for now....

Here is a Sample for you to see...serving mp4 @ 1000Kbps

http://totalmovies.s3.amazonaws.com/sample.html

as you can see ...the delivery is not that reliable and slow at times...it hangs sometimes but I guess it all depends what time you view it...Plus some bad news for developers....Amazon just released a note that they have finally opened the Could Drive to the public where you can upload your mp3 and they will provide you with a player (Android, and PC) App to play them....It's bad because it will jam bandwidth especially if files you serve are larger than 100MB or HD in Format

If you just want to server small files @512Kbps or less then Amazon might work for you, other than that...look at Wowza and Adobe Flash Media Servers....

Hope that helps

Sam

Thank you very much, Sam! Great information.

Okay... well I implemented that bucket policy and am now trying to use the JW Player WP Plugin to embed videos on my site. If I put a link in my blog to the video file in my S3 bucket, the video file opens up and plays fine (in the browser, not JW Player). When I try to embed a video in JW Player, however, it appears JW Player get requests DO NOT send my referrer information (URL). I think this is causing the requests to get denied.

Is there any way I can get JW Player to transmit this data or is there a way I can modify my bucket policy to be compatible with JW Player?

Here's what my bucket policy looks like:

Code: Select all

{
"Version":"2008-10-17",
"Id":"Bucket policy for example-bucket 2010-07-27 17:27:54 elving",
"Statement":[
{
"Sid":"Allow get requests referred by mydomain.com and www.mydomain.com",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::bucketname/*",
"Condition":{
"StringLike":{
"aws:Referer":[
"http://mydomain.com/*",
"http://www.mydomain.com/*"
]
}
}
}
]
}


I read that someone added code to allow requests without referrer data (see below), but doesn't that defeat the purpose of having a bucket policy to protect from hotlinking since someone could just type in the address directly?

Code: Select all

{
      "Sid":"Allow get requests that don't specify a referrer (e.g. requests from JW Player)",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::bucketname/*",
      "Condition":{
        "Null":{
          "aws:Referer":true
        }
      }
    }
  ]
}