MP3 Audio Player
Search for articles about the Audio Player and WordPress Theme

Preventing MP3 Download / Block Direct URL File Access

Sometimes you may want to protect audio files from being downloaded from your server, while you want to allow mp3 files to be played in our player.

The easiest way to protect your full-length audio files are by offering Audio Previews. See documentation on how to use this exclusive feature with MP3 Audio Player Pro.

If you do not wish to use our audio previews feature, keep reading.

This will disallow people from directly requesting MP3 files URL on their browsers and throw a 403 Forbidden error for the user who attempts direct file access.

There are 2 different ways to achieve this and it depends your web server. In most cases, you will need to contact your hosting provider so they can add the rules in the server config.

For NGINX users: #

Step 1  Open NGINX Configuration File

$ vi /etc/nginx/sites-available/default

If you have setup virtual hosts on your NGINX server, then open its configuration file in a text editor.

Step 2  Add the following lines inside server block to disable direct access to jpg, png and gif files.

location ~* \.(mp3|m4a)$ {
   if ($invalid_referer) {
      return 403;

The above location block will process requests for mp3 and m4a files. It will check if the referer is your domain, or, if not, then NGINX will return 403 Access Forbidden response message.

So make sure to change and for your own domain name.

The location function shall be inside your server function. like this example:

server {
    location {  ...  }
    location ~* \.(mp3|m4a)$ {
        if ($invalid_referer) {
            return 403;

Step 3  Restart NGINX server to apply changes.

$ sudo service nginx restart

For APACHE user: #

Step 1 – Make sure mod_rewrite is enabled. Go to step 2 if it’s already enabled.


Open terminal and run the following command to enable mod_rewrite.

$ sudo a2enmod rewrite


Open Apache configuration file in a text editor.

$ sudo vi /etc/apache2/httpd.conf
$ sudo vi /etc/httpd/httpd.conf

Look for the following line.

#LoadModule rewrite_module modules/

Uncomment it by removing # at its beginning. If you don’t find this line, add it!

Also look for the following Directory tag and change AllowOverride from None to All.

<Directory /var/www/html>
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride All

Step 2 – Open .htaccess file

Open .htaccess file in a text editor. If your .htaccess file is located somewhere other than default location, then replace the path below with the correct file path of .htaccess.

$ sudo vi /var/www/html/.htaccess

Step 3 – Prevent Direct Access
Add the following lines to .htaccess file. Replace example with your domain name.

RewriteEngine on 
RewriteCond %{HTTP_REFERER} !^(https?://)?(www\.)?example [NC] 
RewriteCond %{HTTP_REFERER} !^(https?://)?(www\.)?example.*$ [NC] 
RewriteRule \.(mp3|m4a)$ - [F]

Let us look at the above lines. The first line enables mod_rewrite. The next 2 lines check for the HTTP_REFERER value for the request. If they do not begin with http(s)://(www.), the request will be blocked for any .mp3 or .m4a: Apache will respond with 403 Forbidden Access message.
Make sure to replace example by your own domain name.

Please note, if you have loaded a web page from the website on your browser and then try to directly access the file on a new browser tab/window, you may be able to access it. This is because the file is loaded directly from the browser cache, in such cases. Nevertheless, it is not loaded directly from server.

Step 4 – Restart Apache Server

$ sudo service apache2 restart
Updated on October 18, 2023
Was this article helpful?
Still Stuck?
We can help.