So I’ve created a firewall rule to block access to images and videos served from a cdn url, let’s use cdn.example.com
I’ve set the rules to be:
When hostname = cdn.example.com
AND
referrer does not contain example.com
AND
referrer does not contain admin.example.com
BLOCK
it was working, I couldn’t access the image urls directly but they loaded into the site which has the referrer as https://example.com in the browser
However a few minutes later the image wouldn’t load into the site either, I checked the developer tools and the network request clearly showed the correct referrer as https://rexample.com
So I tried the admin and the referrer was https://admin.example.com and the images didn’t load there either.
A few minutes later it worked again, then later it didn’t and so on. Like up and down like a yo-yo yet the referrer in the browser network tab was correct every time!
Sorry for the mess it won’t let me post the urls without quoting