Nginx hotlinking protection issue with wildcards!

Detlef_R · May 9, 2014, 12:15am

hello,

 I am using hotlinking protection for mp4 files but found that

whenever
i use wildcard in hot-linking, it doesn’t work properly and videos even
play on the domain where it doesn’t suppose to be buffer.

My mp4 config :

location ~ .(mp4)$ {
mp4;
root /var/www/html/tunefiles;
expires 7d;
valid_referers none blocked server_names mydomain *.mydomain *.
facebook.com *.twitter.com *.seconddomain.com *.thirddomain.com
fourthdomain.com *.fourthdomain.com fifthdomain.com www.fifthdomain.com
embed.fifthdomain.com;
if ($invalid_referer) {
return 403;
}
}

The mp4 file is buffering on the following domain which doesn’t suppose
to
be in valid_referers variable.

http://www.tusnovelas.net/telenovela/lo-que-la-vida-me-robo-capitulo-138

Nginx-1.4.7

Help will be highly appreciated.

Regards.
Shahzaib

shahzaib12 · May 9, 2014, 4:26am

Hello!

On Fri, May 09, 2014 at 03:14:35AM +0500, shahzaib shahzaib wrote:

            root /var/www/html/tunefiles;
The mp4 file is buffering on the following domain which doesn’t suppose to
be in valid_referers variable.

http://www.tusnovelas.net/telenovela/lo-que-la-vida-me-robo-capitulo-138

Nginx-1.4.7

Help will be highly appreciated.

Try looking into Referer header of a request, as well as at server
names of a particular server{} block (as you use “valid_referers
server_names”).

–
Maxim D.
http://nginx.org/

shahzaib12 · May 9, 2014, 7:46am

Please guide me if hot-linking protection should prevent that stream to
be
playable which is embedded ?

shahzaib12 · May 9, 2014, 7:37am

Hello Maxim,

           I am not using server_names, it was just a google stuff i

put in order to test if hotlinking works or not. One of my teammates
informed me that the link is embedded on the website and there’s no
hot-linking protection issue regarding it.

@Maxim, i think embedded videos are different than remotely playable
videos. Offcourse, you’d have the better knowledge

shahzaib12 · May 9, 2014, 8:05am

Hello!

On Fri, May 09, 2014 at 10:36:40AM +0500, shahzaib shahzaib wrote:

Hello Maxim,
           I am not using server_names, it was just a google stuff i
put in order to test if hotlinking works or not. One of my teammates
informed me that the link is embedded on the website and there’s no
hot-linking protection issue regarding it.

Please start with reading (and understanding) documentation here:

http://nginx.org/en/docs/http/ngx_http_referer_module.html

If there are any question remain after this, feel free to ask
again.

–
Maxim D.
http://nginx.org/