All Products
Document Center

ApsaraVideo Live:Configure hotlink protection

Last Updated:Jan 04, 2024

ApsaraVideo Live allows you to configure hotlink protection based on a Referer blacklist or whitelist to restrict requests that access resources on Alibaba Cloud points of presence (POPs). This helps you identify and filter users, prevent unauthorized access to your live streaming resources, and improve the live streaming security. This topic describes how to enable and use hotlink protection.

Background information

Hotlink protection uses the Referer header to identify and filter requests by tracing request sources.

ApsaraVideo Live allows you to configure a Referer blacklist or whitelist. After a user sends a request to a POP, the POP verifies the user identity of the request based on the configured Referer whitelist or blacklist. If the request passes the verification, the requested resource on the POP is obtained. If the request fails the verification, an HTTP status code 403 is returned.

  • Hotlink protection is optional. By default, hotlink protection is disabled.

  • The blacklist and whitelist are mutually exclusive. The list that is configured last takes effect.

  • When you configure a Referer blacklist or whitelist, wildcard domain names can be automatically added. For example, if you enter, the wildcard domain name * takes effect. This way, all subdomains of are added to the list.

  • You can specify whether to allow requests with an empty Referer header to access your resources. If you allow such requests, users can directly access the resources by entering the URL into the address bar of a browser.

    • In most cases, mobile clients cannot obtain the Referer header. By default, requests with an empty Referer header are allowed. If you do not allow requests with an empty Referer header, you can use ApsaraVideo Player SDK to configure the Referer header for requests on mobile clients.

    • If you do not allow requests with an empty Referer header, you must configure HTTPS secure acceleration to enable forcible redirect and set the Redirect Type parameter to HTTP > HTTPS. Take note that some browsers remove the Referer header when they process HTTPS requests that are sent to access HTTP resources. This causes access failures.


  1. Log on to the ApsaraVideo Live console.
  2. In the left-side navigation pane, click Domains to go to the Domain Management page.
  3. Find the streaming domain that you want to configure and click Domain Settings in the Actions column.


  4. Choose Streaming Management > Access Control.

  5. Click the Hotlink Protection tab, and turn on Hotlink Protection.


  6. Specify the Type parameter, add Referers in the Referrers text box, and then click OK.


    The following table describes the types of Referer-based hotlink protection.




    Requests from domain names that are included in the blacklist cannot access your resources.


    Only requests from the domain names that are included in the whitelist can access your resources.