Hotlink protection requires you to configure a referer whitelist or blacklist to identify and filter users. This helps you restrict access to Content Delivery Network (CDN) nodes and improve service security. This topic describes how to configure referer-based hotlink protection.
Background information
Hotlink protection uses an HTTP referer header to track request sources and identify requests.
Hotlink protection provides a referer whitelist or a referer blacklist. After a user sends a request to a CDN node, the node authenticates the user identity based on the preset referer whitelist or blacklist. If the request passes the authentication, the user can access the requested resources. If the request fails the authentication, a 403 HTTP response code is returned.
- Hotlink protection is optional. This feature is disabled by default.
- The blacklist and whitelist are mutually exclusive and cannot be enabled at the same time.
- After you configure hotlink protection, wildcard domains are automatically supported.
For example, if you enter
example.com
, the domain that takes effect is*.example.com
. Hotlink protection takes effect on all domains that match *.example.com. - You can specify whether to allow requests with an empty referer header to access resources. If you allow the access, users can directly access resources by entering the resource URL in the address bar of a browser.