I have android app, that makes http request to get files on my server, I had to migrate all my data to new server, but i still see many get requests on old server, which mean someone stole my links, or my app it self.
I'm currently using NGINX (I can change to Apache) to serve these files, My question: Is there a way to allow accessing these files from only a single mobile app, based on package name for example ?
Currently, I'm serving files as hot link, example : www.xxx.com/abc.mp4
I read about setting a new user-agent in requests, so that i can allow/deny access based on that value, but if someone tries to reverse engineering my app and re-build it, he can use same user-agent.
So, Please advise if there is an optimal or better solution.
Thanks,
You could disable direct file access and expose some services that send files in their response. By this way you could add some logic to protect your files. I don't know if your app uses some authentication process, you may add some certificate or something else