In this tutorial you will learn how to use MaxCDN EdgeRules to allow blank referers only for certain device types or browsers.

This rule is most commonly used to work around known mobile device misbehavior during video streaming. Android usually does not send the referrer, so systems that block unauthorized referrers reject these requests (because the browser sent a blank referrer).

In the following rule, we use a helper variable called “flag” to decide whether the referer of an individual request will be treated as valid or invalid. Finally, we assign the value of this variable to $invalid_referer:

Nginx configuration block

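location / {
        # Default: a blank referer is treated as invalid.
        set $flag "1";
        # Android user agents are allowed to send a blank referer.
        if ($http_user_agent ~ (Android)) {
            set $flag "0";
        }
        # Only when the Referer header is empty, let $flag decide.
        if ($http_referer ~ ^$) {
            set $invalid_referer $flag;
        }
        valid_referers domain.com;
        # An nginx "if" treats "0" and the empty string as false.
        if ($invalid_referer) {
            return 403;
        }
}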

CURL examples

CURL with valid referrer:

~$ curl -I cdn.domain.com/ --referer http://domain.com
HTTP/1.1 200 OK
Date: Wed, 20 May 2015 15:48:18 GMT
Content-Type: text/html
Content-Length: 151092
Connection: keep-alive
Last-Modified: Wed, 20 May 2015 15:25:02 GMT
ETag: "193b94f-24e34-5168507e845bc"
Vary: Accept-Encoding
Server: NetDNA-cache/2.2
Flag: 1
X-Cache: HIT
Accept-Ranges: bytes

CURL with blank referrer and proper/allowed user agent:

~$ curl -I cdn.domain.com/ -A "Android"
HTTP/1.1 200 OK
Date: Wed, 20 May 2015 15:48:22 GMT
Content-Type: text/html
Content-Length: 151092
Connection: keep-alive
Last-Modified: Wed, 20 May 2015 15:25:02 GMT
ETag: "193b94f-24e34-5168507e845bc"
Vary: Accept-Encoding
Server: NetDNA-cache/2.2
Flag: 0
X-Cache: HIT
Accept-Ranges: bytes

CURL without referrer and without user agent:

~$ curl -I cdn.domain.com/
HTTP/1.1 403 Forbidden
Date: Wed, 20 May 2015 15:48:31 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Server: NetDNA-cache/2.2

Note that this assumes you have the rest of the referrers defined under the security tab described on this page.
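
The decision logic of the rule above, modelled in Python so the whole request matrix can be checked offline. This is an added example, not MaxCDN's code: `referer_module` is a simplified stand-in for nginx's `valid_referers` matching, and the requests in `CASES` are constructed.

```python
import re
from urllib.parse import urlsplit

VALID_REFERERS = {"domain.com"}  # from the rule's valid_referers line


def nginx_if(value):
    """An nginx `if ($var)` is false only for an empty string or "0"."""
    return value not in ("", "0")


def referer_module(referer):
    """Simplified valid_referers: "" if the Referer is an http(s) URL whose
    host is listed, else "1". Without `none`, a missing Referer is invalid."""
    parts = urlsplit(referer)
    if parts.scheme in ("http", "https") and parts.hostname in VALID_REFERERS:
        return ""
    return "1"


def edge_rule_status(referer="", user_agent=""):
    """Return the status the rule yields for one request (200 or 403)."""
    flag = "1"
    if re.search(r"(Android)", user_agent):   # `~` is a case-sensitive match
        flag = "0"
    invalid_referer = referer_module(referer)
    if re.search(r"^$", referer):             # blank or absent Referer
        invalid_referer = flag
    return 403 if nginx_if(invalid_referer) else 200


# Constructed request matrix: (referer, user agent)
CASES = [
    ("http://domain.com", "curl/7.35.0"),                              # listed referer
    ("", "Android"),                                                   # blank referer, allowed UA
    ("", ""),                                                          # blank referer, no UA
    ("", "Mozilla/5.0 (Linux; android 5.1)"),                          # lower-case UA
    ("http://other.example/", "Mozilla/5.0 (Linux; Android 5.1)"),     # unlisted referer
]

if __name__ == "__main__":
    for referer, ua in CASES:
        print(edge_rule_status(referer, ua), repr(referer), repr(ua))
```

The second row is the same request as the tutorial's second curl call: the User-Agent test is a substring match on a client-supplied header, so the blank-referer exemption applies to any client whose User-Agent contains "Android", not only to Android devices. The last two rows show that the exemption is case-sensitive and does not extend to requests carrying an unlisted referer.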
