No referrer header on leacher's site !!

shahzaib mushtaq shahzaib.cb at
Thu Apr 6 07:50:01 UTC 2017

>>With the controls sites have over the referrer header, it's not very
effective as an access control mechanism. You can use something like

We're also using Nginx secure link module based on HASH + expiry but
somehow this secure link is exploited by that website. The video link hash
on his website is exactly matching with ours means no matter if hash get
expire & new takes it place that leacher is also getting the new hash &
we're unable to find how he exploited us. Though on digging more into this
we found that he's using following script to fetch video links from our
website :

His website name is also dizibox1.

On Wed, Apr 5, 2017 at 1:54 AM, Francis Daly <francis at> wrote:

> On Tue, Apr 04, 2017 at 04:39:23PM +0500, shahzaib mushtaq wrote:
> Hi there,
> > Thanks for quick response. Well its reverse, he's putting our HTTPS video
> > link on his HTTP website. Could that create issue as well? If yes, what's
> > the fix of it.
> nginx does not know (or care) what the linking site does. All it can
> see is the request made to it.
> The browser entirely controls what request headers the browser sends.
> If you want to deny all requests that have no Referer header, you can
> do that.
> If you want to deny only some requests that have no Referer header,
> you will need to tell nginx which requests to deny and which requests to
> allow. But before you can do that, you will have to know how to identify
> the requests in one of the sets.
>         f
> --
> Francis Daly        francis at
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list