We're running some nginx servers hosting videos (in an educational institution). The files are stored as mp4s on disk and browsers either keep a TCP connection open and read video data as they need, or close the connection and send the next HTTP range request. The latter is preferably used when users seek in the video.
Range requests works fine as long as the video the browser is playing is still available to the user. Authorization and availability may change, resulting in a 403 or 404 response to a range request, respectively.
We are monitoring our servers and noticed that Apple's Safari won't understand the 403 and 404 response codes. It retries retrieving the next segment of the video in spite it just got a 403 or 404 response, resulting in request floods with 400-ish response codes, which triggers alerts. We'd like to keep the alerts in place because they could indicate a misconfiguration on our side, too.
How can we tell Safari not to send a request flood so we won't get false alerts? We are in theory in control of the web application that's embedding the videos but making changes there usually means more efforts compared to server configuration.
[already reported this to Apple; they didn't respond]
