Fake video sharing Android App !!

Francis Daly francis at daoine.org
Mon Mar 16 13:28:29 UTC 2015

On Mon, Mar 16, 2015 at 04:09:30PM +0500, shahzaib shahzaib wrote:

Hi there,

> Webserver is nginx and hotlinking is already enabled but the issue with no
> Referer_Header for the requests being generated by this android
> application.
> What precautions should we take to prevent this application by using our
> server's bandwidth ?

You have "the requests that you wish to allow as normal". You have "the
requests that you wish not to allow, since they come from this client".

What part of the request that nginx sees puts it into the "yes" or
"no" bucket?

Put that in your configuration, so that "yes" does what happens now,
and "no" returns a http error, or returns a different video inviting
the client to get your official app.

Perhaps their app uses a unique User-Agent header; or all "wanted"
clients do include a Referer header?

If you can't tell a "good" request from a "bad" one, you probably cannot
configure nginx to.

Francis Daly        francis at daoine.org

More information about the nginx mailing list