Referrer-Based Access Control
This document is a machine-translated draft and is currently undergoing review. Some content may be inaccurate or differ from the original Korean version. For the most precise information, refer to the Korean documentation.
What is a referrer?
The Referer included in HTTP request headers contains the URL of the web page that initiated the current request. By checking this information in the Kollus VOD console, you can determine whether a content request originated from your customer's official site or from an unauthorized third-party site.
Kollus VOD uses referrer-based access control to block embed code (iframe) theft and abnormal link sharing, ensuring that content is served reliably only within designated domain environments.
Referrer-based access control policies
You can choose and apply one of the following three policies based on your business security strategy.
| Policy | Description |
|---|---|
| Allow playback only from specific domains | Only allows playback of requests originating from specified domains, and blocks all other access entirely. |
| Block playback only from specific domains | Blocks access only from specific domains suspected of leakage or requiring restriction, while allowing free viewing from all other environments. |
| Block if no referrer | Treats requests with missing referrer information—due to browser security settings or direct link entry—as abnormal access and blocks them. |
Referrer settings
You can establish domain security policies at the channel level.
- Go to Kollus VOD Console > [Channel].
- Click [More options (⋮)] > [Referrer settings] from the channel list on the left or from the channel card.
- Select the policy that suits your service purpose.
- [Play only on specific domains]: Enter the domain address to allow, then click [+] to add it to the list.
- [Block only on specific domains]: Enter the domain address to restrict, then click [+] to add it to the list.
- [Block if no referrer]: Enable the checkbox to block all requests where the origin information is hidden due to direct URL entry or security programs.
Using Wildcards (#)If registering multiple subdomains one by one is cumbersome, you can replace variable string segments with the # symbol.
Example:player.a.example.com,player.b.example.com→player.#.example.com - After a final review of the domain list, click [Save].