restrict apk file download from other domain hotlinking

i have an apk downloading website, and i am using nextcloud as file hosting, i have one problem when i update my apk files other people just copying my apk file URL and past in there website.

i want only download these apk files from my website/domain only. if someone make hotlinking of these apk return 403 or 404 etc.

is that possible

i see some site using nextlcloud and the download url is like bellow

these parameters are extra in url part after /download ?h=yPsXQw11Y9ipTuG6cuZswA&e=1679327122
how it works and how can I implement in on my nextcloud.


sorry for my bad english.

hello @apkdlpw welcome to the forum :handshake:

the question is not related to Nextcloud application likely in more generic web hosting forum you get better advice. I don’t think you can prevent downloading public accessible files using deeplinks. Depending on the technique used you can try checking if there is REFERRER header or block loading your site as iframe. But in my eyes this will not address all use cases. AFAIK the only way to control who can access the files is creating password protected shares.

i know that we can prevent access, but the i can’t manage the files, nextcloud is very powerful for file sharing, here an example of nextcloud

after some time the file will stop working from hotlinking domain but from main website its still downloading because they updating these 2 parameters ?h=h09bzN1UwUg-mC7lxuZdaw&e=1679374532

any solution?