Restrict public share links to specific domain

Hello, is there any option or setting to restrict public share links to specific domains

e.g: I have a mobile apk app store website and i am using nextcloud to manage the apk files, when I upload the latest apk and share the link on my website, lots of other website owners just copy my link and paste in their websites.

I want to restrict public share links to download from my domains only.

is it possible?

sorry for my bad english.


No. Public share links are by definition unauthenticated.

read this restrict apk file download from other domain hotlinking

It says basically what I just told you. Public share links are unauthenticated. Anyone who has the link can download the file. Nextcloud has no way of knowing what website they found the link posted on…

the link which I share with you, dynamic after /download? and integrated with WordPress. the link auto-changing after 1 hour. and you can’t download it without the h= and e= parameters.

and the the h= and e= parameters are dynamics.

Post deleted from me (devnull) because the code was not useful.

Thanks for the detailed reply. but i am using nextcloud and there is lots of file in nextcloud and I am using cloudpanel nginx server.

i tried this but its working for direct apk files but not nextcloud share link

location ~ .(apk|xapk|zip|obb)$ {
    valid_referers none blocked *;
     if ($invalid_referer) {
        return 403;

how can i prevent nextcloud public share link?

You can rename shares with ShareRenamer. Maybe it helps you. Perhaps you can include “apk” in all shares and then deny it from nginx or Nextcloud .htaccess.

Then maybe what you need to do is host these apk files on a separate virtual host outside of Nextcloud. You can set it up as external storage and still manage the files through Nextcloud.

You’re asking how to authenticate access to a public share link based on where they found the link. This is not something that Nextcloud was designed to do.