MP3 Audio Player
Documentation
Search for articles about the Audio Player and WordPress Theme

Preventing MP3 Download / Block Direct URL File Access

Sometimes you may want to protect audio files from being downloaded from your server, while you want to allow mp3 files to be played in our player.

This will disallow people from directly requesting MP3 files URL on their browsers and throw a 403 Forbidden error for the user who attempts direct file access.

There are 2 different ways to achieve this and it depends your web server. In most cases, you will need to contact your hosting provider so they can add the rules in the server config.

For NGINX users: #

Step 1  Open NGINX Configuration File

$ vi /etc/nginx/sites-available/default

If you have setup virtual hosts on your NGINX server, then open its configuration file in a text editor.

Step 2  Add the following lines inside server block to disable direct access to jpg, png and gif files.

location ~* \.(mp3|m4a)$ {
   valid_referers example.com www.example.com;
   if ($invalid_referer) {
      return 403;
   }
}

The above location block will process requests for mp3 and m4a files. It will check if the referer is your domain, example.com or www.example.com, if not, then NGINX will return 403 Access Forbidden response message.

So make sure to change example.com and www.example.com for your own domain name.

The location function shall be inside your server function. like this example:

server {
    location {  ...  }
    location ~* \.(mp3|m4a)$ {
    valid_referers example.com www.example.com;
        if ($invalid_referer) {
            return 403;
        }
    }
...
}

Step 3  Restart NGINX server to apply changes.

$ sudo service nginx restart

For APACHE user: #

Step 1 – Make sure mod_rewrite is enabled. Go to step 2 if it’s already enabled.

Ubuntu/Debian

Open terminal and run the following command to enable mod_rewrite.

$ sudo a2enmod rewrite

Redhat/Fedora/CentOS

Open Apache configuration file in a text editor.

$ sudo vi /etc/apache2/httpd.conf
OR
$ sudo vi /etc/httpd/httpd.conf

Look for the following line.

#LoadModule rewrite_module modules/mod_rewrite.so

Uncomment it by removing # at its beginning. If you don’t find this line, add it!

Also look for the following Directory tag and change AllowOverride from None to All.

<Directory /var/www/html>
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
</Directory>

Step 2 – Open .htaccess file

Open .htaccess file in a text editor. If your .htaccess file is located somewhere other than default location, then replace the path below with the correct file path of .htaccess.

$ sudo vi /var/www/html/.htaccess

Step 3 – Prevent Direct Access
Add the following lines to .htaccess file. Replace example with your domain name.

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example [NC] 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.*$ [NC] 
RewriteRule \.(mp3|m4a)$ - [F]

Let us look at the above lines. The first line enables mod_rewrite. The next 2 lines check for the HTTP_REFERER value for the request. If they do not begin with http://www.example.com, that is, if the request has been sent directly or from another website, then Apache will check the extension of requested file. If it is .mp3 or .m4a then Apache will respond with 403 Forbidden Access message.

Please note, if you have loaded a web page from the website on your browser and then try to directly access the file on a new browser tab/window, you may be able to access it. This is because the image is loaded directly from the browser cache, in such cases. Nevertheless, it is not loaded directly from server.

Step 4 – Restart Apache Server

$ sudo service apache2 restart
Updated on February 23, 2022
Was this article helpful?
Still Stuck?
How can we help?