>>With the controls sites have over the referrer header, it's not very effective as an access control mechanism. You can use something like http://nginx.org/en/docs/http/ngx_http_secure_link_module.html instead.
We're also using Nginx secure link module based on HASH + expiry but somehow this secure link is exploited by that website. The video link hash on his website is exactly matching with ours means no matter if hash get expire & new takes it place that leacher is also getting the new hash & we're unable to find how he exploited us. Though on digging more into this we found that he's using following script to fetch video links from our website : https://github.com/XvBMC/repository.xvbmc/blob/master/plugin.video.saltsrd.lite/scrapers/dizibox_scraper.py His website name is also dizibox1. On Wed, Apr 5, 2017 at 1:54 AM, Francis Daly <fran...@daoine.org> wrote: > On Tue, Apr 04, 2017 at 04:39:23PM +0500, shahzaib mushtaq wrote: > > Hi there, > > > Thanks for quick response. Well its reverse, he's putting our HTTPS video > > link on his HTTP website. Could that create issue as well? If yes, what's > > the fix of it. > > nginx does not know (or care) what the linking site does. All it can > see is the request made to it. > > The browser entirely controls what request headers the browser sends. > > If you want to deny all requests that have no Referer header, you can > do that. > > If you want to deny only some requests that have no Referer header, > you will need to tell nginx which requests to deny and which requests to > allow. But before you can do that, you will have to know how to identify > the requests in one of the sets. > > f > -- > Francis Daly fran...@daoine.org > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
