Restrict public share links to specific domain

Arman143 · April 11, 2023, 4:52pm

Hello, is there any option or setting to restrict public share links to specific domains

e.g: I have a mobile apk app store website and i am using nextcloud to manage the apk files, when I upload the latest apk and share the link on my website, lots of other website owners just copy my link and paste in their websites.

I want to restrict public share links to download from my domains only.

is it possible?

sorry for my bad english.

Thanks

KarlF12 · April 12, 2023, 1:25am

No. Public share links are by definition unauthenticated.

Arman143 · April 12, 2023, 4:38am

read this restrict apk file download from other domain hotlinking

KarlF12 · April 12, 2023, 4:43am

It says basically what I just told you. Public share links are unauthenticated. Anyone who has the link can download the file. Nextcloud has no way of knowing what website they found the link posted on…

Arman143 · April 12, 2023, 4:51am

the link which I share with you, dynamic after /download? and integrated with WordPress. the link auto-changing after 1 hour. and you can’t download it without the h= and e= parameters.

https://cdn2.apk-store.org/nextcloud/s/adJpLKMXrSsaiWN/download?h=h09bzN1UwUg-mC7lxuZdaw&e=1679374532

and the the h= and e= parameters are dynamics.

devnull · April 12, 2023, 7:24am

Post deleted from me (devnull) because the code was not useful.

Arman143 · April 12, 2023, 7:41am

Thanks for the detailed reply. but i am using nextcloud and there is lots of file in nextcloud and I am using cloudpanel nginx server.

i tried this but its working for direct apk files but not nextcloud share link

location ~ .(apk|xapk|zip|obb)$ {
    valid_referers none blocked example.com *.example.com;
     if ($invalid_referer) {
        return 403;
    }
}

how can i prevent nextcloud public share link?

devnull · April 12, 2023, 7:58am

You can rename shares with ShareRenamer. Maybe it helps you. Perhaps you can include “apk” in all shares and then deny it from nginx or Nextcloud .htaccess.

KarlF12 · April 12, 2023, 11:45am

Arman143:

i tried this but its working for direct apk files but not nextcloud share link
location ~ .(apk|xapk|zip|obb)$ {
    valid_referers none blocked example.com *.example.com;
     if ($invalid_referer) {
        return 403;
    }
}
how can i prevent nextcloud public share link?

Then maybe what you need to do is host these apk files on a separate virtual host outside of Nextcloud. You can set it up as external storage and still manage the files through Nextcloud.

You’re asking how to authenticate access to a public share link based on where they found the link. This is not something that Nextcloud was designed to do.

Arman143 · July 25, 2023, 5:24pm

you can explain how can i manage files via nextcloud and share them with static URL e.g www.domain.com/files/filename.apk

“Then maybe what you need to do is host these apk files on a separate virtual host outside of Nextcloud. You can set it up as external storage and still manage the files through Nextcloud.”