AWS S3 + Rewrite URL

I am using S3 to host videos to my users.

The problem is that s2Members does not rewrite URL, so user can see the entire S3 URL with session-key.

With the given URL (https://bucket.s3.amazonaws.com/video.mp4?X-Amz-Algorithm=AWS4...), user can copy and send to a friend – with no security check, since is the direct file from S3.

Even when I use https:/site.com/?s2member_file_download=video.mp4 it redirects to AWS S3 URL.

I know that is impossible to prevent file download, but I want to – at least – prevent users from sharing the video URL.

It’s perfect possible to do that, see this StackOverflow answer.

I am doing anything wrong?

That’s the shortcode I am using:

[s2Stream player="jwplayer-v7-rtmp" player_path="/jwplayer/jwplayer.js" player_key="#" player_primary="html5" rewrite="yes" file_download="video.mp4" /]

Actually, s2Member will protect such files just as if there are stored locally if you have set it up correctly, so that even someone with the URL will not be able to access the file without the appropriate permissions.

So the issue is, first, can a non-logged-in user access the file. If they can, you need to check the instructions again and follow them to the letter.

Hello @KTS915.

Do you use S3 config?

Even when I try https://site.com/?s2member_file_download=video.mp4 it redirects to the direct URL of Amazon S3 with session-token, allowing anyone with the link to view it for 24 horas (default time).

If a non-logged person try to reach site.com/?s2member_file_download=video.mp4 the page will return error,
but if a logged person try to reach site.com/?s2member_file_download=video.mp4 the page will redirect to S3 URL, allowing to get that link and share with a non-logged person.