The hotlinking protection function is developed based on HTTP referrers to trace and verify the source of the requests. You can configure the referrer blacklist and whitelist to identify and filter visitors, in order to limit access to the live streaming resources.

Currently, hotlinking protection supports both the referrer whitelist and blacklist. When a visitor sends a request to a resource, the CDN node verifies the identity of the visitor based on the configured referrer whitelist or blacklist. Based on the matching result, the CDN node then returns the resource or a 403 error to the visitor.

Restrictions and guidelines

  • The hotlinking protection function is optional. By default, this function is disabled.

  • After enabling this function, you can then choose to configure the referrer whitelist or blacklist. The whitelist and blacklist are mutually exclusive. This topic describes how to configure the referrer blacklist.

  • You can set whether to allow blank referrers to access CDN assets. If you select this option, you can access an asset by entering the URL of the asset into the address bar of your browser.
    • In most cases, you cannot obtain referrers on mobile platforms. Therefore, blank referrers are allowed to access CDN assets by default. If you forbid blank referrers to access CDN assets, you can use ApsaraVideo Player to set the referrer on your mobile platform.
    • If you forbid blank referrers to access CDN assets, make sure that HTTPS is enabled and HTTP > HTTPS is selected to forcibly redirect HTTP requests to HTTPS requests. Some Web browsers remove referrers when you send HTTPS requests to access HTTP resources. This will cause a resource access error.
  • The hotlinking protection function supports wildcard domain names. For example, if you add domain, hotlinking protection considers the domain as * All subdomains under this domain will take effect.


  1. ClickDomain Management.
  2. Select the target streaming domain name, and click Domain Settings.
  3. Click Access Control.
  4. Select Hotlinking Protection, and click Change Settings.
  5. Select Blacklist, and enter a domain name into the Referrers text box.
    The Blacklist is then successfully configured.
    Note The blacklist and whitelist are mutually exclusive. You cannot set the blacklist and whitelist for hotlinking protection at the same time.