Nginx Kodi User Agent secure_link blocking / banning

lists at lazygranch.com lists at lazygranch.com
Wed Nov 2 07:12:13 UTC 2016


Kodi is the renamed xbmc. I use it myself, but I never "aimed" it at a website. I just view my own videos or use the kodi plug-ins. You can install it yourself on a PC and see it is intended to be just a media player. It really isn't any different that seeing VLC as the agent. 

Perhaps someone wrote a plugin for your website. Make that a poorly written plugin ;-)

Do you offer your mp4 files to the public?

I've been told but have no proof that Kodi jammed on a Roku stick could contain malware. I have only used it on Windows and Linux. 



  Original Message  
From: c0nw0nk
Sent: Tuesday, November 1, 2016 11:28 PM
To: nginx at nginx.org
Reply To: nginx at nginx.org
Subject: Nginx Kodi User Agent secure_link blocking / banning

So with Nginx my access.logs show allot of Kodi user agents from what I look
up online Kodi is a app that runs on Phones, TV sticks, Mac, PC etc and it
is used for watching live TV I reckon its a pretty abusive app or service
since there is allot going around about IPTV and how illegal it is.

The issue I have is I am receiving allot of spammy errors from them like
this.


[02/Nov/2016:06:46:58 +0100] "HEAD
/media/files/5b/4e/80/79ecf5e1db30cd313adcac277134389b.mp4?md5=RoSdLIex-9qnGbGdpSyoDDojjTM&expires=1478083618
HTTP/1.1" Status:403 0
"http://networkflare.com/media/files/5b/4e/80/79ecf5e1db30cd313adcac277134389b.mp4?md5=RoSdLIex-9qnGbGdpSyoDDojjTM&expires=1478083618"
"Kodi/16.1 (Linux; Android 5.1.1; AFTM Build/LVY48F) Android/5.1.1
Sys_CPU/armv7l App_Bitness/32 Version/16.1-Git:2016-04-24-c327c53"

[02/Nov/2016:06:47:01 +0100] "GET
/media/files/12/d1/df/c057fab9ca845f4ae182796a124da8a2.mp4?md5=ILfKhx7G3Mt_RsZjhTNRk5RnXXI&expires=1478083619
HTTP/1.1" Status:403 162
"http://networkflare.com/media/files/12/d1/df/c057fab9ca845f4ae182796a124da8a2.mp4?md5=ILfKhx7G3Mt_RsZjhTNRk5RnXXI&expires=1478083619"
"KODI/21.1 (Linux; Android 4.4.2; m201 Build/KOT49H) Kodi_Fork_KODI/1.0
Android/4.4.2 Sys_CPU/armv7l App_Bitness/32
Version/21.1-Git:2016-10-15-c327c53-dirty"

[02/Nov/2016:06:47:03 +0100] "GET
/media/files/cf/0d/38/8d62ecb3f7813ca45ce561e5ab31314f.mp4?md5=b_1dqChBf3PZthSuYDWmNYehZRo&expires=1478083621
HTTP/1.1" Status:403 162
"http://networkflare.com/media/files/cf/0d/38/8d62ecb3f7813ca45ce561e5ab31314f.mp4?md5=b_1dqChBf3PZthSuYDWmNYehZRo&expires=1478083621"
"Kodi/16.1 (Linux; Android 4.4.4; SM-N900V Build/KTU84P) Android/4.4.4
Sys_CPU/armv7l App_Bitness/32 Version/16.1-Git:2016-04-24-f6ceced"

[02/Nov/2016:06:47:04 +0100] "GET
/media/files/12/d1/df/c057fab9ca845f4ae182796a124da8a2.mp4?md5=ILfKhx7G3Mt_RsZjhTNRk5RnXXI&expires=1478083619
HTTP/1.1" Status:403 162
"http://networkflare.com/media/files/12/d1/df/c057fab9ca845f4ae182796a124da8a2.mp4?md5=ILfKhx7G3Mt_RsZjhTNRk5RnXXI&expires=1478083619"
"KODI/21.1 (Linux; Android 4.4.2; m201 Build/KOT49H) Kodi_Fork_KODI/1.0
Android/4.4.2 Sys_CPU/armv7l App_Bitness/32
Version/21.1-Git:2016-10-15-c327c53-dirty"


Now I don't host any IPTV services I only have my own static MP4's, My
access.log clearly displays they are trying to hit static MP4 files they
have obviously not used my site to obtain the correct link what is why the
secure_link module is denying them and they seem to be pulling the link
straight from HTML as the ampersand inside the referrer and request URL
shows (&), Another thing that makes me curious it how the referrer URL
is an exact match to what the request URL is. And considering my site does a
301 redirect on all links to http://www.networkflare.com/* there is no way
that the referrer should be without a www. in the URL. (Allot of things
don't seem right about these requests)

Are these bots has anyone had any experience with KODI before and should I
just ignore these requests or take the next step by blacklisting Kodi
matching user agents.

I also read that Kodi does not display adverts similar to a adblocker and I
have a major problem with those who try to hotlink hijack steal bandwidth
and waste resources for free as I am sure allot of others do.

Thanks for reading looking forward to what advice and input others can share
on what should be done.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270705,270705#msg-270705

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list