Protecting audio files

I have a directory (tracks) which contains a number of mp3 and ogg files, track1.mp3 up to track30.mp3 and track1.ogg to track30.ogg. The music files are referred to in <audio> tags <source src="…/tracks/track1.ogg" type="audio/ogg"> etc. Is there any way to protect the tracks directory from people directly accessing the mp3 and ogg files by pointing their browser to tracks/track1.mp3 etc whilst allowing the HTML pages to access them?

Not really if you just leave them on disk and serve them like that. You could wrap them up in a script and jack that into whatever authentication you might have. A better approach would be to find a streaming service that handled this for you and probably gives niceties like analytics.

Thanks. I hadn’t thought of using a streaming service…

I just thought of something. It’s theoretical, since I have never tried anything like what you are describing.

There have been sites (granted, in the past) where I’ve tried to download an audio file, but I was prevented from doing so. I suspect that it was the way the web server was set up. The audio file was an .mp3 file, and the player that was accessing it was using a protocol I’m not familiar with. If you typed the full URL including protocol into a browser, it wouldn’t work; if you typed the path using http: or https: it wouldn’t work, either. They somehow set it up so that only the player using that protocol could access the file. I don’t know how they did it, but you might try Googling for something like that.

Just a thought.

Thanks WolfShade. That was what I was hoping might be possible, somehow.

Cheers (I like thoughts!)

What you ran into there was a streaming service most likely – urls would be rstp:// or something like that depending on implementation, right?

It’s been a while since I ran into that, but it was definitely along those lines. Couldn’t browse to it to save my life (with its protocol or the http protocol), but the player sure could access it.


The above techniques are passing along code to identify the requesting script and, if not matched, will not provide the file.

The way that I would protect just about any file is to store it OUTSIDE the webspace. That way, my “player” can access the file directly but visitors cannot. Of course, that means that you will have to provide the “player” and NOT utilize HTML5 audio functions (directly) but that simply opens a new can of worms for you (which should be easier to resolve).
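One way to build what the replies above describe (a script in front of files kept outside the web root, tied to the site's existing login), as an added example that is not code from any poster in this thread. The directory, the secret, the sid cookie and the /play route are assumptions.

```python
import hashlib, hmac, os, time
from http.cookies import SimpleCookie
from pathlib import Path
from urllib.parse import parse_qs, urlencode

# Assumed values, not from the thread: a directory outside the web root,
# a server-side secret, and a "sid" cookie set by the site's existing login.
TRACK_DIR = Path(os.environ.get("TRACK_DIR", "/srv/private/tracks"))
SECRET = os.environ.get("TRACK_SECRET", "dev-only-secret").encode()
TTL = 300  # seconds a link stays valid
MIME = {".mp3": "audio/mpeg", ".ogg": "audio/ogg"}

def sign(name, expires, sid):
    msg = f"{name}|{expires}|{sid}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_url(name, sid, now=None):
    """Build the link while rendering the page for a logged-in visitor."""
    expires = int(time.time() if now is None else now) + TTL
    return "/play?" + urlencode({"f": name, "e": expires, "s": sign(name, expires, sid)})

def resolve(name, expires, sig, sid, now=None, root=TRACK_DIR):
    """Return the file's Path if the request is acceptable, else None."""
    now = time.time() if now is None else now
    if not sid or not (expires.isdecimal() and len(expires) <= 12) or int(expires) < now:
        return None  # no session, or a malformed or expired link
    if not hmac.compare_digest(sign(name, expires, sid).encode(), sig.encode()):
        return None  # link was not issued for this track and this session
    path = (root / name).resolve()
    if path.parent != root.resolve() or path.suffix not in MIME:
        return None  # refuses ../ traversal and anything that is not audio
    return path if path.is_file() else None

def app(environ, start_response):
    """WSGI entry point, mapped to /play (hypothetical route)."""
    q = {k: v[0] for k, v in parse_qs(environ.get("QUERY_STRING", "")).items()}
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie["sid"].value if "sid" in cookie else ""
    path = resolve(q.get("f", ""), q.get("e", ""), q.get("s", ""), sid)
    if path is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"forbidden\n"]
    start_response("200 OK", [("Content-Type", MIME[path.suffix]),
                              ("Content-Length", str(path.stat().st_size)),
                              ("Cache-Control", "private, no-store")])
    return [path.read_bytes()]  # fine for track-sized files; stream larger ones
```

The page puts the link from make_url in its player's source. A visitor who is allowed to play a track still receives the bytes and can save them; the check only refuses requests that lack a valid, unexpired link for that session.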



Thanks DK. I’m certainly beginning to think that the HTML5 audio functions are not the way to go, not least as I have to create an ogg and an mp3 version of each track! I have a Flash player as a fallback. Perhaps AudioJS…