HLS Encryption Implementation on S3 Storage for Limited Video to be Downloaded

Written By Support Team (Administrator)

Updated at February 14th, 2021

Protection on the video website is necessary these days. It is become more important to secure the ownership of the video that was aired on the online course website, catalog and any other stuff.

Using HLS video encryption on played video only played through the domain that listed on policy that already on S3 bucket storage.

First, order NEO Block Storage through this link https://www.biznetgio.com/price-simulator 

Open NEO Block Storage using S3 client like S3 Browser and fill your account on S3 Browser.

Click buckets > Click Edit Bucket Policy.

Input HLS Policy on Bucket Policy Editor.

[Input your domain] input the domain that will be a place for the video to play


"Version": "2012-10-17",

"Statement": [


"Sid": "Explicit deny to ensure requests are allowed only from a specific domain.",

"Effect": "Allow",

"Principal": "*",

"Action": "s3:GetObject",

"Resource": "arn:aws:s3:::<bucket>/*",

"Condition": {

"StringLike": {

"aws:Referer": [








Open CORS configuration, click bucket > CORS Configuration.

Input CORS Rules to CORS Configuration Editor.

The following rules can be copied to the CORS Configuration Editor.

(input allowed domain )



<AllowedOrigin>http://< input allowed domain >/*</AllowedOrigin>






Set permission All Users > check on read.

Click Http Header change to content-Type to application/x-mpegURL.

Open your wordpress and then install Bradmax Plugin for media player.

Input video link from S3 bucket that already has HLS Encryptioned before, then use plugin Bradmax.

You can see the configuration from HLS Encryption.

Test video for downloading with right click > save as.

The result is video becomes HTML type instead of video format.

You can also test download video using IDM, and the result is video cant be downloaded.

On IDM will show 403 forbidden because it doesn’t have permission

Now test link on web browser

We also suggest on some point to secure video on your website with Right Click Lock.

Use this command below to Right Click lock on the website:

<body oncontextmenu='return false;' onkeydown='return false;' onmousedown='return false;' ondragstart='return false' onselectstart='return false' style='-moz-user-select: none; cursor: default;'>

After adding command above, now you can't right click on your website.

Was this article helpful?