Configure hotlink protection

In KS3, you can enable the hotlink protection feature to prevent hotlinking by using the referer blacklist or whitelist. Requests from domain names in the blacklist are blocked and requests from domain names in the whitelist are allowed. You can manually disable the hotlink protection feature.

Conform to the following rules when you add domain names to the referer blacklist or whitelist:

• Use a comma (,) to separate domain names, without the need to add http:// or https://.
• You can add * as the wildcard before a domain name to represent multi-level subdomains of the domain name.

Some valid requests do not contain the referer header. Therefore, sometimes you may need to allow requests with empty referers. In KS3, you can specify whether to allow requests with empty referers.

Usage notes

Empty referers

If an HTTP request has an empty referer, the content of the referer header in the HTTP request is empty, or the HTTP request does not contain a referer header. An HTTP request has an empty referer in the following two cases:

• The HTTP request is not triggered by clicking a link. For example, if you directly enter a URL in the address box of a browser to visit a page, the HTTP request has an empty referer.
• The HTTP request is triggered by clicking a link on an HTTPS page.

Effect of allowing empty referers

If you select Allow Referer to be empty in the whitelist setting for hotlink protection, you can access resources by directly entering their URLs in the address box of a browser. If you select Do not allow Referer to be empty in the whitelist setting for hotlink protection, you cannot access resources by directly entering their URLs in the address box of a browser.

For more information about how to configure hotlink protection in the KS3 console, see Configure hotlink protection.