As video and audio streaming is the most important part of any video hosting, storing applications. In most cases you need to protect your streams to prevent unauthorized access, download of your videos to avoid
- Unncessesary consuming your server bandwidth
- Sensitivity of your stream files
- Paid contents to avoid access and share with unauthorized users.
- and more.
List of variety of ways you can protect your streams.
- Http Referrer Approach for locally stored videos and audio files.
- Token based authentication for locally or multi server video hosting
- Cookie Based authentication for locally stored videos
- Private distribution of RTMP / HLS streams using CloudFront / Amazon S3 for cloud storage
Protection of Videos via Http Referrer
This approach is most commonly used to prevent streaming videos from domain where its actually playing. In this approach when player start video playing, http referrer has to be sent to streaming engine. if its validated video start streaming otherwise access denied will appear and video won't be played.
Issue in this approach is, in most devices and operating system like IOS (mobile safari) browser not sent any http referrer information to stream engine. In such cases you still receive access denied / validation failed response even if you are legally accessing video files. Due to that drawback you can't use this approach mostly.
Token Based Authentication
In this approach unique token is generated on each page request / at time of player loading and saved that token in database. when user click on play button, player will pass token to streaming engine. If streaming engine validate token, token has be removed from database and streaming started. Each token will work only once. If someone share that video url, it can't work. This approach can work in both locally stored video hosting or videos stored on remote servers. This is the most protected way to protect your streams.
CooKie Based Authentication
This approach is normally used like authorizing user to access certain resource. if user authorize video will start streaming otherwise not. It can only be work on locally stored media files. Mostly used for streaming paid contents.
Private distribution of RTMP / HLS streams using CloudFront / Amazon S3
This approach uses builtin amazon private content distribution to stream private contents over http. It works only on media files stored on amazon s3 storage and stream via cloud front distribution streaming via RTMP / HLS streaming. This will prevent your stream to certain level but can't be 100% protected.;