
colbyalbo's avatar

Restricting Access to Video files by Domain

Hello, Looking for some advice on how to go about what I'm trying to accomplish.

I have a safety training course app that I built with Laravel for a client. Some of the lessons have audio and/or video clips in some lessons.

I'm at the point where I need to decide where all the media assets are gonna live. I tested out AWS S3 & Digital Ocean Spaces. I got both to work well, got the uploads working, and all is fine from that aspect. Probably gonna go with DO Spaces.

The hurdle I'm trying to cross now is restricting access of the audio & video assets that are being delivered from the DO spaces CDN. What I'm trying to prevent is the user harvesting the URL of the asset from the markup and accessing the resource directly from the browser. So I'd like to have the request sent to the CDN with some kind of check for the domain origin. I've tried setting up some rules on the S3 version, but didn't work.

Any recommendations on how I can accomplish this would be appreciated, Thanks in advance.

0 likes
5 replies
rodrigo.pedra's avatar
Level 56

I needed this feature on an old project and used Vimeo to accomplish that.

I know you didn't list Vimeo as one of the options you explored, but if you are open to explore it, it has a lot of privacy related options.

Reference on whitelisting domains to a private video:

https://developer.vimeo.com/api/reference/videos#add_video_privacy_domain

Using their PHP client is just a method call, after uploading your video with their Client, and fetching the video ID from the response you just have to make this call:

use Vimeo\Vimeo;

// Adds $domain to the list of domains allowed to embed the video
$vimeo->request("{$videoId}/privacy/domains/{$domain}", [], 'PUT');

Where $vimeo is an instance of their PHP client object.

===

Another option, if using S3, would be issuing temporarily signed URLs:

https://laravel.com/docs/8.x/filesystem#file-urls

(scroll to Temporary URLs section)

So when rendering a template you would create a temporary URL for the asset on S3 for a given time, maybe twice or three times the video length (in case the user pauses it or the internet connection is poor) and use that as the <video> source.

It won't restrict by domain, but at least would make it harder to harvest it on a later time.

The link above points to the Laravel Docs which exposes a high-level API to deal with S3, maybe using the AWS PHP Client there are more privacy options available, but you would need to check it out.

Also DO Spaces might allow a similar feature, but I am not familiar with it.

1 like
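
The temporary-URL approach from the answer above, as an added example that is not part of the original thread: the controller checks the logged-in user first, then signs a link whose lifetime follows the clip length. It assumes the files sit in a private bucket on Laravel's `s3` disk; `LessonMediaController`, `Lesson`, its `media_path` and `duration_seconds` columns, the `view` policy ability and the `lessons.show` view are hypothetical names.

```php
<?php
// Added example, not code from the thread. Hypothetical names: LessonMediaController,
// Lesson, its media_path / duration_seconds columns, the 'view' policy ability,
// and the lessons.show Blade view.

namespace App\Http\Controllers;

use App\Models\Lesson;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class LessonMediaController extends Controller
{
    // Bounds so a missing or very large duration cannot yield a useless or near-permanent link.
    private const MIN_TTL_SECONDS = 300;
    private const MAX_TTL_SECONDS = 4 * 3600;

    public function show(Request $request, Lesson $lesson)
    {
        // The access decision is made here, per request, for the logged-in user.
        abort_unless($request->user()?->can('view', $lesson), 403);

        // Roughly three times the clip length, to allow for pauses and slow connections.
        $ttl = max(
            self::MIN_TTL_SECONDS,
            min(self::MAX_TTL_SECONDS, 3 * (int) $lesson->duration_seconds)
        );

        // The object itself stays private; only this signed URL grants read access,
        // and only until it expires.
        $mediaUrl = Storage::disk('s3')->temporaryUrl(
            $lesson->media_path,
            now()->addSeconds($ttl)
        );

        // Keep the rendered page out of shared caches so the signed URL is not stored there.
        return response()
            ->view('lessons.show', ['lesson' => $lesson, 'mediaUrl' => $mediaUrl])
            ->header('Cache-Control', 'no-store, private');
    }
}
```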
colbyalbo's avatar

Thanks, I'll check out the signed URL option. I did consider Vimeo, and still might, but I'd like to have one place for the mp3's & mp4's. You can't upload mp3's to Vimeo.

thanks!

rodrigo.pedra's avatar

You're welcome.

On the project I used it on, I didn't need to handle audio-only files, so I wasn't aware of that.

If you come up with a nice solution, please share it.

Have a nice day!

1 like
colbyalbo's avatar

After half a day of searching, this is gonna take more time than I have for this project, just gonna go the Vimeo route for now. From reading several blogs and posts on here, I get the feeling that what I come up with may not completely restrict the access the way that Vimeo can. (Gonna use Cloudinary for the audio files).

I'm gonna do more research and tinkering as time permits. If I come up with something I'll post here.

thanks!

rodrigo.pedra's avatar

You're welcome =)

Thanks for providing feedback on your findings. Good luck and have a nice week.

1 like
