To prevent bandwidth leeching, HTTP Referrer protection can be used to explicitly allow only certain referrers to access a specified site's CDN assets. If requests with a blank referrer should be allowed in addition to the whitelisted referrers, this can be accomplished while keeping all other referrers blocked.
Creating the Rule
The example below allows access for the referrers "d.com" and "dom.com". The "^$" alternative in the pattern matches an empty Referer header, which is what lets requests with a blank referrer through:
NGINX Configuration block
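location / {
    # Redirect unless the Referer is blank (^$) or ends in an allowed domain.
    # "!~*" is a case-insensitive "does not match"; dots are escaped so they match literally.
    if ($http_referer !~* (^$|d\.com$|dom\.com$)) {
        rewrite ^ http://blackhole.com permanent;
    }
}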
Verifying the Rule
CURL example with allowed referrer
curl -I http://foo.bar.netdna-cdn.com/file.png --referer http://dom.com
HTTP/1.1 200 OK
Date: Thu, 13 Mar 2014 17:23:55 GMT
Content-Type: image/png
Content-Length: 123456
Connection: keep-alive
Last-Modified: Wed, 11 Sep 2013 18:19:58 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Expires: Thu, 20 Mar 2014 17:23:24 GMT
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
CURL example with blank referrer
Normally, with HTTP Referrer protection, a 403 response code would be expected when a blank referrer is used. However, since this rule creates a workaround for this scenario, this is the response with our setup:
curl -I http://foo.bar.netdna-cdn.com/file.png
HTTP/1.1 200 OK
Date: Thu, 13 Mar 2014 17:32:41 GMT
Content-Type: image/png
Content-Length: 123456
Connection: keep-alive
Last-Modified: Wed, 11 Sep 2013 18:19:58 GMT
Cache-Control: max-age=604800
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Expires: Thu, 20 Mar 2014 17:23:24 GMT
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
CURL example with disallowed referrer
What did we block then? Everything else:
curl -I http://foo.bar.netdna-cdn.com/file.png --referer http://other-domain.com
HTTP/1.1 301 Moved Permanently
Date: Thu, 13 Mar 2014 17:35:02 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://blackhole.com
Server: NetDNA-cache/2.2
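The three curl checks above cover only bare-domain referrers, while browsers usually send a full URL with a path. The following added example (not part of the original article) uses Python's re module to approximate the NGINX "!~*" match for a suffix-anchored pattern like the rule's, next to a hypothetical host-anchored variant. The stricter pattern, its subdomain and port handling, and all sample Referer values are assumptions constructed for illustration.

```python
import re

# Suffix-anchored allowlist in the style of the rule on this page (dots escaped).
SUFFIX_RULE = re.compile(r"(^$|d\.com$|dom\.com$)", re.IGNORECASE)

# Hypothetical stricter variant: blank, or scheme + allowed host (optionally a
# subdomain and port) followed by "/" or the end of the string.
HOST_RULE = re.compile(
    r"^$|^https?://([a-z0-9-]+\.)*(d\.com|dom\.com)(:\d+)?(/|$)",
    re.IGNORECASE,
)

# Constructed Referer values. The first three mirror the curl checks above;
# the last three are cases where the two patterns disagree.
SAMPLES = [
    "",
    "http://dom.com",
    "http://other-domain.com",
    "http://dom.com/gallery/index.html",
    "http://not-d.com",
    "http://other-domain.com/?ref=dom.com",
]


def allowed(rule, referer):
    """Mirror `if ($http_referer !~* rule)`: a match means the asset is served."""
    return rule.search(referer) is not None


def compare(samples=SAMPLES):
    """Return {referer: (suffix_allows, host_allows)} for each sample value."""
    return {r: (allowed(SUFFIX_RULE, r), allowed(HOST_RULE, r)) for r in samples}


if __name__ == "__main__":
    for referer, (suffix_ok, host_ok) in compare().items():
        print(f"{referer!r:45} suffix={suffix_ok!s:5} host={host_ok}")
```

Running a table like this before deploying a rule change shows whether legitimate page URLs are still served and whether look-alike or query-string matches slip through.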
We hope this article was helpful. As always, if there are any questions or concerns about any of the topics mentioned in this article, please feel free to reach out to support. We are available 24/7 by chat or email!