Protecting (Hiding? Redirecting?) HTML code

Condensed but most simple example:

On my website, there's a page with a customized flash player that plays songs from a list of 50 or so mp3 files.

Let's say the address of the page with the player is,

and the page of mp3 files is located at

Visitors to the site simply go to and listen. It's come to my attention that not-so-honest types are figuring out that  the index--and songs/links which can be downloaded are available at

For the record, I pay all required music licensing fees, ASCAP, BMI, SESAC and Sound Exchange.

I want to stop the vandals from accessing, displaying, and promoting the song links on the page that contains them.

The online searching that I've done so far seems to say:

1) that protecting or hiding the HTML code can't be completely done
2) can be done to some extent with no search engines being able to track the site (not something I can live with)
3) redirecting may work in this case

It's a little beyond me, and that's why you're reading this.

Experts, are there any ways to do what I need to do?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
There is no way to protect yourself 100%.  There are tools out there where you can redirect the sound that is supposed to go to the speakers to instead be recorded to your hard drive.

Otherwise, you can use your web server to prevent certain files or directories from being directly targeted.  Something on the line of
RadioGeorgeOwner/ProgrammerAuthor Commented:
Scott, I appreciate your responding to my question, but the page you directed me to is so technically complex, I  have no idea of what the author is even talking about, so there's no value there for me at all.

Any other ideas or suggestions that a totally no-tech type can understand?
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
The article described how to block certain file types from playing directly.  In that case it is  using iis, but in Linux you would use htaccess.

Regardless this still does not prevent a user from diverting the sound from the speakers to a recording.  If somebody wants to grab it, one way or another they can.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

RadioGeorgeOwner/ProgrammerAuthor Commented:
Sorry, but this solution simply does not come close to adequately answering my question. However, it appears EE is set up to require awarding points rather than just yanking the question, which doesn't make sense, but I'm not in charge.
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
>I want to stop the vandals from accessing, displaying, and promoting the song links on the page that contains them.

I doubt anybody is vandalizing your site or you would be asking a different question.  Somebody stealing your bandwidth is a different story.   I have given you some technical and general options on how to prevent that and you mentioned it is over your head.   You have the option of either asking for more details on what you don't understand or hire a professional to do this for you.

The information I provided you is valid.

1) There is not a 100% way for somebody to "steal" your music.  If you can stream it, people can record it.   This was backed up by your own research as posted in your question.

2) One option I gave you is to use your web server (iis web.config or linux .htaccess) to prevent other sites from accessing specific files.

This is by no means an easy, cut and dry answer.   A 3rd option is to use a streaming service you would have to pay that can "vault" your media and allow access only via your webserver.  This is probably not something you can do on your own unless you want to do some coding.  

>appears EE is set up to require awarding points rather than just yanking the question
You could delete the question, but that would discount the information you have been provided.  The proper thing to do at this point could be to ask for more clarification if you still do not understand.
RadioGeorgeOwner/ProgrammerAuthor Commented:

I'm sorry that you take offense at my comments but I stand by them.

The matter of people recording music, audio, whatever from the speakers was simply never an issue.

What part of "over my head" don't you understand? When the jargon you pointed me to is 100% tech talk, it's pretty much like being spoken to in a foreign language. (I have experienced this same thing before on EE; I can only conclude it's an engineer thing.)

You say: "One option I gave you is to use your web server (iis web.config or linux .htaccess) to prevent other sites from accessing specific files." Scott, this is TECH TALK! I have absolutely no clue what this says or means.

I realize the answer is not cut and dry, but I do expect a general overview statement about the answer to be extremely simple.

I awarded you the points because you DID make an effort to help. Let's leave it at that.
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
>I do expect a general overview statement about the answer to be extremely simple.

Store  your media outside of your public files.  This may not be available in some shared hosting plans.

If your domain is and that points to your server c:\username\playmusic\public\ and your current media files are in  c:\username\playmusic\public\variety\tt2 then once I find out song1.mp3 is stored in the tt2 folder, I can just surf to it by going to\variety\tt2\song1.mp3

You can prevent this by storing your media outside of the public site like, c:\username\playmusic\private\media\song1.mp3  

When the site user wants to play a song, you will use server side coding (.NET, PHP, Node etc) to call up the song from the server and temporarily bring it to the public to stream.

This prevents somebody from surfing to where your media is because the private folder (or whatever it is called) is not available to the public.

This is the simplest outline, but is complex and will be near impossible to follow if you are not a developer.  

Another option to "vault" your media is to use a CDN (Content Delivery Network).  The real benefit of a CDN is it will copy your media to many servers and their own technology will automatically serve your media from the closest server to the user.  If your server is in New York and your users are all in NY and you do not have many users, they may not notice a difference.  If your user is in CA, then the media has to travel from NY to CA and there could be some lag. Actually, trying to host your own video or music is not a good idea. 

Limelight is one of many CDN's and I am not endorsing them.  They do have a way to vault your media, have extensive help files on how to do this and because you have to pay, they offer support.  However, if you are not a developer, the type of support they offer may not be geared for the non technical person just trying to put up an easy site.  They also have their own player and instructions on how to embed

<object width="608" height="395" id="limelight_player_149251o" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000">
    <param name="movie" value=""/>
    <param name="wmode" value="window"/>
    <param name="allowScriptAccess" value="always"/>
    <param name="allowFullScreen" value="true"/>
    <param name="flashvars" value="deepLink=true&channelId=ee258eb20ceb4a1caf59b4c1c7f1212c&playerForm=2b84c3101f624f1d9f5857abfc109d52"/>
    <embed src="" name="limelight_player_149251e" wmode="window" width="608" height="395"
    allowScriptAccess="always" allowFullScreen="true" type="application/x-shockwave-flash" pluginspage=""

Open in new window

While you can see the media information in the code, you would not be able to surf to it.

The concept is simple, but implementation of any of this is not.

Good luck

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RadioGeorgeOwner/ProgrammerAuthor Commented:

Thank you for the followup comment, which I was indeed able to follow.

Your solution in the "" example may be the only thing that will work and I certainly understand it and know how to implement it.

For the record, I don't use any video, so that's not a consideration

I see how the streaming and "vault" solutions would work, but because of the structure of the site we're talking about, they are simply not applicable. Also, with listeners in over 4,000 cities in more than 140 countries/nations, I imagine the vault concept would tend to get very pricey very fast.

My operation is best described as "file on demand," specifically designed to (1) avoid 24/7 streaming costs, (2) comply with music licensing requirements (I pay ASCAP, BMI, SESAC, and Sound Exchange), and (3) track each and every song (used custom-built software) that is heard to keep required records that get sent quarterly to the music publishers.

Guess we had to volley for awhile to get a possible solution--and again, thanks for the time you've put into this.
RadioGeorgeOwner/ProgrammerAuthor Commented:
Scott's followup to earlier posts provided a simple (possible) solution that is easy to understand and implement.  Sometimes, that's just the way things work out.

His persistence and willingness to respond so that I could understand what he was saying show a lot of class, and I appreciate that very much.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.