With the controls sites have over the referrer header, it's not very effective as an access control mechanism. You can use something like http://nginx.org/en/docs/http/ngx_http_secure_link_module.html instead.
On Tue, Apr 4, 2017 at 1:39 PM, shahzaib mushtaq <shahzaib...@gmail.com> wrote: > Hi, > > Thanks for quick response. Well its reverse, he's putting our HTTPS video > link on his HTTP website. Could that create issue as well? If yes, what's > the fix of it. > > Again thanks for your help. > > On Tue, Apr 4, 2017 at 4:32 PM, nanaya <m...@myconan.net> wrote: >> >> Hi, >> >> On Tue, Apr 4, 2017, at 20:24, shahzaib mushtaq wrote: >> > Hi, >> > >> > We came across a website who is playing our video links remotely. Since >> > we've hotlinking protection enabled based on referrer headers so i >> > checked >> > the request header by playing that video & found out that *referrer >> > header >> > was missing* in the browser's requests header tab. >> > >> >> If your site isn't https but his site is, some browsers by default don't >> send referrer header. There are also various other referrer policies >> with varying level of support: >> >> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy >> >> http://caniuse.com/#search=referrer%20policy >> _______________________________________________ >> nginx mailing list >> nginx@nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
