No referrer header on leacher's site !!

Richard Stanway r1ch+nginx at teamliquid.net
Tue Apr 4 19:15:00 UTC 2017


With the controls sites have over the referrer header, it's not very
effective as an access control mechanism. You can use something like
http://nginx.org/en/docs/http/ngx_http_secure_link_module.html
instead.

On Tue, Apr 4, 2017 at 1:39 PM, shahzaib mushtaq <shahzaib.cb at gmail.com> wrote:
> Hi,
>
> Thanks for quick response. Well its reverse, he's putting our HTTPS video
> link on his HTTP website. Could that create issue as well? If yes, what's
> the fix of it.
>
> Again thanks for your help.
>
> On Tue, Apr 4, 2017 at 4:32 PM, nanaya <me at myconan.net> wrote:
>>
>> Hi,
>>
>> On Tue, Apr 4, 2017, at 20:24, shahzaib mushtaq wrote:
>> > Hi,
>> >
>> > We came across a website who is playing our video links remotely. Since
>> > we've hotlinking protection enabled based on referrer headers so i
>> > checked
>> > the request header by playing that video & found out that *referrer
>> > header
>> > was missing* in the browser's requests header tab.
>> >
>>
>> If your site isn't https but his site is, some browsers by default don't
>> send referrer header. There are also various other referrer policies
>> with varying level of support:
>>
>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
>>
>> http://caniuse.com/#search=referrer%20policy
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


More information about the nginx mailing list