July 25, 2016

Block users by HTTP Referer header via WMSAuth

Nimble Streamer paywall capabilities cover several aspects of content protection. Today we add another enhancement - access control based on HTTP "Referer" header.

You may add required Referers as regular expressions into deny list to avoid them accessing the streams.

Let's see how this is set up.

Create Referers group


First, let's go to "Control" -> "WMSAuth paywall setup" top menu to see the page with the list of current WMSAuth groups. Click on Referer groups to see the page below.


Click on Add Referrer group to make a new tab for defining new group.



Enter a regular expression for the Referrer which you don't like to be used by your customers and click Add rule.


You may test it against any string by clicking on Test Referer string.


Here you can enter some referrer and see if it matches your regular expression.

Now when your Referrer group is defined, you can create a blocking WMSAuth rule.

Create WMSAuth group and rule


Go back to WMSAuth groups main page and click on Add WMSAuth group. After entering a name you'll see new group tab.

Here you can assign servers which will be blocking your viewers by Referer. Simply choose it from the list and click on Assign server.


Now click on Add rule to create a rule for applying referer block.


Enter any name and then specify the application name which is planned to be affected. You may also specify a stream name if you need so the rule will be applied to the application + stream couple.

Then scroll down to geo restrictions sections. You can see Allow and Deny lists.


Also you can see drop down lists with countries, IP ranges, User Agent groups and finally Referer groups.

Click on ">>" button to add designated referer group to Deny list.

After clicking on Update WMSAuth rule your restriction will be applied within a few seconds.

That's it - if your player will send HTTP Referer header in any request, and its content will match your regular expression, then it will be blocked.


Allow only specific referer


If you need to allow only specific Referer, you may use negative search in regular expression like
^((?!yourdomain\.com).)*$
In case you need to allow several Referers, this will be similar to allowing single Referer. Here is an example:
^((?!(firstdomain\.com|seconddomain\.com)).)*$
You may use regular expression testing tools like this one.


If you'd like to block each connection by Referer header without hard pre-set in WMSPanel, using handler application, take a look at playback authorization feature set.


If you have any questions regarding this WMSAuth functionality, just contact us.

Related documentation


Nimble Streamer, WMSAuth paywall framework, Geo-location and IP range restriction, Hotlink protection and domain lock, User agents block in Nimble Streamer

No comments:

Post a Comment

If you face any specific issue or want to ask some question to our team,
PLEASE USE OUR HELPDESK

This will give much faster and precise response.
Thank you.

Note: Only a member of this blog may post a comment.