You can set referer blocklist/allowlist and rules to block/allow playback requests so as to protect live streaming content. You can also choose whether to allow empty referer.
How to Configure
Referer URL is based on the HTTP protocol. CSS uses the referer field in an HTTP request to identify the source and verify the request, and then determine whether to accept or reject the request.
Notes
Referer information is included in HTTP requests. Therefore, referer configuration is ineffective for non-HTTP (such as RTMP, WebRTC, QUIC) requests. If you want to restrict the access of RTMP requests so as to prevent malicious users from bypassing referer hotlink protection through RTMP pull, perform configurations in the protocol disablement settings.
Enabling, disabling, or modifying the referer takes effects in 15-20 minutes after the configuration. You don't need to push streams again.
The referer hotlink protection feature verifies the referer information in the header of an HTTP request so as to check whether the request is valid and allow or reject live streaming accordingly. However, there may be cases where a forged referer bypasses the verification to hotlink the service. Therefore, we recommend you not strongly rely on referer for content protection.
Prerequisites
You have activated the CSS service and logged in to the CSS console.
1. Select Domain Management, and click the target playback domain or click Manage on the right to enter the domain management page.
2. In Access Control > Referer Configuration, click
to enable Referer Hotlink Protection.
3. And configure as follows:
Configuration Item
Description
Referer Type
Select Blocklist or Allowlist as the referer type.
You cannot select both of them,
When the referer allowlist is configured, request sources on the list will be allowed to access the live streaming content while those not on the list will be blocked.
When the referer blocklist is configured, request sources on the list will be blocked to access the live streaming content while those not on the list will be allowed.
Allow Empty Referer
When this feature is enabled, access will be allowed for HTTP requests with empty or no referer field. Users can access the live stream URL directly via browsers.
When this feature is disabled, requests with empty referer will be rejected.
Referer Patterns
You can enter up to 100 patterns. Please separate them with line breaks, Do not leave empty rows or enter semicolons(;).
You can enter IPs or domain names. The field supports path prefixes (domain names and IPs) and wildcards (domain names) for match. For example:
If you enter 101.1.0.1 and www.test.com,the configuration will take effect for both 101.1.0.1/157 and www.test.com/tencent.
If you enter *.test.com, the configuration will take effect for both www.test.com and a.test.com.
If you enter no referer pattern, the blocklist/allowlist is not configured.
4. Click Save to save the configuration.
Modifying Referer
1. Select Domain Management, and click the target playback domain or click Manage on the right to enter the domain management page.
2. In Access Control > Referer Configuration, click Edit to enter the referer configuration page.
Yes
No
Was this page helpful?