SecureVideosDirectory Plugin
This tutorial shows you how to enable Apache XSendFile to prevent your videos from being accessed by external or unauthorized users. It will also help you set up the symbolic link to allow you to move your videos to another location
Get 1-hour support on our Services Site, we will do it for you
- Ubuntu 22.04
- Apache XSendFile
- SecureVideosDirectory Plugin
- Root Access to the server
- Admin user for YouPHPTube
This is necessary for secure files and configuration assistant
sudo apt-get install libapache2-mod-xsendfile && sudo a2enmod xsendfile
sudo nano /etc/apache2/apache2.conf
<Directory /var/www/html/YouPHPTube/>
Options Indexes FollowSymLinks
XSendFile on
XSendFilePath /var/www/html/YouPHPTube/
AllowOverride All
Require all granted
Order Allow,Deny
Allow from All
</Directory>
We can limit access to our video with embed contents,
No direct access is allowed but you can whitelist some server to use it in an Iframe or you can whitelist some headers so you can allow some apps to embed your videos.
-
embedWhiteList: Add one domain per row. Supports wildcards for flexible matching:
-
*.mysite.com- Matches all subdomains (e.g.,sub.mysite.com,any.sub.mysite.com) -
mysite*.com- Matches prefix patterns (e.g.,mysite1.com,mysite-test.com) -
*.mysite.*- Matches any subdomain with any TLD (e.g.,sub.mysite.com,sub.mysite.net) -
example.com- Exact domain match only
-
-
userAgentWhitelist: Add user agents using JSON array format:
["UserAgent1","UserAgent2"] -
HTTP_X_REQUESTED_WITHWhitelist: Add REQUESTED_WITH headers (commonly sent from apps) using JSON array format with your app domain:
["com.myandroidapp","com.myappleapp"]
*.mycompany.com
partner1.com
partner*.net
*.trusted.*
If you are not sure what values to add on the fields above, you may find some clue in your log file
