latest stable versions: v150827 (changelog)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Video protection: cloudfront or self-hosted?

Home Forums Community Forum Video protection: cloudfront or self-hosted?

This topic contains 10 replies, has 4 voices. Last updated by  BoMember 4 years, 1 month ago.

Topic Author Topic
Posted: Friday Nov 30th, 2012 at 10:35 am #33014
BoMember
Username: BoMember

Hi all,

During testing I found out that a self-hosted video (../s2member-files/video.mp4) cannot be approached without logging in. While a video hosted on Cloudfront can be accessed right away: d11111111.cloudfront.net/video.mp4?Policy=te5yet…

Am I missing something or is a self-hosted video ‘safer’? Or should I add extra protection to my Cloudfront settings somehow?!

By the way, I do understand HTML5 is far less safe than flash.
Thanks for your advice!

List Of Topic Replies

Viewing 10 replies - 1 through 10 (of 10 total)
Author Replies
Author Replies
Posted: Friday Nov 30th, 2012 at 5:09 pm #33050
Raam Dev
Username: Raam
Staff Member

Hi Bjorn,

Have you configured an Amazon S3 bucket for your files in Dashboard -› s2Member® -› Download Options -› Amazon® S3/CDN Storage and configured your CloudFront settings in Dashboard -› s2Member® -› Download Options -› Amazon® S3/CloudFront CDN Storage? The level of protection is the same whether you’re storing locally (in s2member-files/) or on Amazon/CloudFront.

Posted: Saturday Dec 1st, 2012 at 5:49 am #33083
BoMember
Username: BoMember

Thanks for quick response. Yes, all is setup and working. But, fall back mode is either a link to ../s2member-files directory (self hosted) -> it has download protection by s2member. Or a link to the Cloudfront distribution -> in my case I copy a direct link to the file (found in the source code including keys) in the download distribution, which isn’t protected by s2member. I tested this by copying this incredible large link, pasting it in a different browser (not logged in) and getting the file by download without problem.

Am I missing something?

Posted: Saturday Dec 1st, 2012 at 7:57 am #33093

Am I missing something or is a self-hosted video ‘safer’? Or should I add extra protection to my Cloudfront settings somehow?!

Yeah, you should edit the permissions for the bucket you integrate with s2Member, so that files can’t be accessed directly, only through s2Member because it adds an authentication that permits temporary access to the file.

Posted: Saturday Dec 1st, 2012 at 9:05 am #33095
BoMember
Username: BoMember

Ok Cristián thanks. I hoped S2member would configure this automatically. Is there any tutorial available how I could do this by myself?

It’s a great product and I am very happy with your support! Proud customer!

Posted: Saturday Dec 1st, 2012 at 5:05 pm #33132
Bruce
Username: Bruce
Staff Member

Is there any tutorial available how I could do this by myself?

You may want to check out the video tutorial here:

http://www.s2member.com/videos/BD496E5F2CCAB12A/

Jason goes over setting up the Amazon S3 Cloudfront with JW Player, but you can adopt these changes to work with just downloads pretty easily.

Posted: Sunday Dec 2nd, 2012 at 3:48 am #33191
BoMember
Username: BoMember

Yeah, you should edit the permissions for the bucket you integrate with s2Member, so that files can’t be accessed directly, only through s2Member because it adds an authentication that permits temporary access to the file.

Any suggestions how to configure this? I have Cloudfront / JW player up and running well…
Thanks!

Posted: Sunday Dec 2nd, 2012 at 12:39 pm #33216
Bruce
Username: Bruce
Staff Member

Any suggestions how to configure this? I have Cloudfront / JW player up and running well…
Thanks!

If you check the box under Dashboard -› s2Member® -› Download Options -› Amazon® S3/CloudFront CDN Storage labeled Yes, automatically configure my Amazon® CloudFront Distributions & Amazon® S3 ACLs for me., s2Member should automatically set this up for you.

Posted: Monday Dec 3rd, 2012 at 7:39 am #33288
BoMember
Username: BoMember

If you check the box under Dashboard -› s2Member® -› Download Options -› Amazon® S3/CloudFront CDN Storage labeled Yes, automatically configure my Amazon® CloudFront Distributions & Amazon® S3 ACLs for me., s2Member should automatically set this up for you.

This is exactly what I have done. It works. But the fallback link to the download distribution on Cloudfront is not protected. If you copy the source code link of the fallback (which looks like: d11111.cloudfront.net/video.mp4?Policy=11111?signature=11111?key-pair-id=11111) and you paste it in a browser on a different computer it is accessible. Is this normal, or is there still something I am overseeing?

Posted: Monday Dec 3rd, 2012 at 2:17 pm #33341
Bruce
Username: Bruce
Staff Member

If you copy the source code link of the fallback (which looks like: d11111.cloudfront.net/video.mp4?Policy=11111?signature=11111?key-pair-id=11111) and you paste it in a browser on a different computer it is accessible. Is this normal, or is there still something I am overseeing?

This is the expected behavior, as Amazon is allowing connections to this URL for a designated amount of time with this signature. A user should only be able to access the file through this URL for a specific amount of time, which I believe depends on the file size, set up by Amazon.

Posted: Tuesday Dec 4th, 2012 at 9:02 am #33431
BoMember
Username: BoMember

For anyone looking to set expiration time in the signed url with CloudFront, please use this hack by Jason. Thanks for help all.
Expiration Time / Cloudfront hack

  • This reply was modified 4 years, 1 month ago by  BoMember.
Viewing 10 replies - 1 through 10 (of 10 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.