Из ленты dev.to devops — кратко, чтобы не потерять.
Video hotlinking is a silent budget killer. Every unauthorized embed pulls bandwidth directly from your origin server, bypasses your paywall, and degrades the experience for paying users. The Nginx Secure Link module solves this natively at the edge—no middleware, no token server, no extra latency. It validates incoming video requests by computing an MD5 hash from a secret key, the request URI, the client IP, and an expiration timestamp all inside Nginx itself. Requests with a missing, mismatched, or expired hash are rejected with a 403 or 410 before a single byte of video is read from disk. Key Takeaways Zero application-layer overhead: Nginx validates tokens natively at the edge. Non-transferable tokens: Security relies on a server-side secret combined with the client IP + expiry timesta
Полный текст и контекст у первоисточника: https://dev.to/bytesrack/how-to-implement-tokenized-hls-streaming-using-the-nginx-secure-link-module-5ajd