No referrer header on leacher's site !!

c0nw0nk nginx-forum at forum.nginx.org
Thu Apr 6 11:33:03 UTC 2017


Hello There,

I had this same issue and fixed it by the following method.

For example in HTML :
<source src="file.mp4?md5=jobIVRUfgH6USADuWsqJHr818vw&expires=1478192353"
type="video/mp4" />

That is what your media stream link would look like.

But if you use JavaScript like the following example :

<script type="text/javascript">
window.onload = MediaReplacement()
function MediaReplacement() {
var _video =
"/file.mp4?md5=jobIVRUfgH6USADuWsqJHr818vw&expires=1478192353";

var videoTags = document.getElementsByTagName("source");
videoTags[0].src = _video;
}
</script>
<video width="320" height="240" controls="controls">
<!-- MP4 for Safari, IE9, iPhone, iPad, Android, and Windows Phone 7 -->
<source src="" type="video/mp4" /> <!-- NOTICE HOW I MADE THIS EMPTY BECAUSE
JAVASCRIPT WILL INSERT THIS NOW -->
</video> 

And you insert your stream link into the page using JavaScript it unlocks
the ability to make it hard for their python script to
scrape/hotlink/content leech of your web pages.

You can obfuscate JavaScript you can change the var names you can make it
incredibly dynamic and difficult breaking their apps completely the more
dynamic it is the harder and harder it is for them to obtain your stream
links.


Also you should blocked the following two user agents that those apps use.

Kodi
XBMC

(I would suggest making them non case sensitive matches too)

Where I posted in regards to this.
https://forum.nginx.org/read.php?2,270705,270739#msg-270739
https://github.com/C0nw0nk/Nginx-Lua-Secure-Link-Anti-Hotlinking

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273405,273447#msg-273447



More information about the nginx mailing list