No referrer header on leacher's site !!

c0nw0nk nginx-forum at
Thu Apr 6 11:33:03 UTC 2017

Hello There,

I had this same issue and fixed it by the following method.

For example in HTML :
<source src="file.mp4?md5=jobIVRUfgH6USADuWsqJHr818vw&expires=1478192353"
type="video/mp4" />

That is what your media stream link would look like.

But if you use JavaScript like the following example :

<script type="text/javascript">
window.onload = MediaReplacement()
function MediaReplacement() {
var _video =

var videoTags = document.getElementsByTagName("source");
videoTags[0].src = _video;
<video width="320" height="240" controls="controls">
<!-- MP4 for Safari, IE9, iPhone, iPad, Android, and Windows Phone 7 -->
<source src="" type="video/mp4" /> <!-- NOTICE HOW I MADE THIS EMPTY BECAUSE

And you insert your stream link into the page using JavaScript it unlocks
the ability to make it hard for their python script to
scrape/hotlink/content leech of your web pages.

You can obfuscate JavaScript you can change the var names you can make it
incredibly dynamic and difficult breaking their apps completely the more
dynamic it is the harder and harder it is for them to obtain your stream

Also you should blocked the following two user agents that those apps use.


(I would suggest making them non case sensitive matches too)

Where I posted in regards to this.,270705,270739#msg-270739

Posted at Nginx Forum:,273405,273447#msg-273447

More information about the nginx mailing list