diff --git a/6.Nginx/vhost_mediaserver-msuser.conf b/6.Nginx/vhost_mediaserver-msuser.conf
index 692427aded5b969a479cef456023a191a755f1f1..d47deb41a7adae1e0e3d596cbd5caeea22d22ebd 100644
--- a/6.Nginx/vhost_mediaserver-msuser.conf
+++ b/6.Nginx/vhost_mediaserver-msuser.conf
@@ -26,11 +26,21 @@ server {
 	access_log /var/log/nginx/access_msuser.log;
 	error_log /var/log/nginx/error_msuser.log;
 
+	location /static {
+		expires 30d;
+		add_header Pragma public;
+		add_header Cache-Control "public";
+	}
 	location /public {
 		expires 30d;
 		add_header Pragma public;
 		add_header Cache-Control "public";
 	}
+	location /crossdomain {
+		expires 30d;
+		add_header Pragma public;
+		add_header Cache-Control "public";
+	}
 	location /resources {
 		location ~ \.ts$ {
 		}
@@ -47,40 +57,35 @@ server {
 			return 403;
 		}
 	}
-	location /static {
-		expires 30d;
-		add_header Pragma public;
-		add_header Cache-Control "public";
-	}
-	location /crossdomain {
-		expires 30d;
-		add_header Pragma public;
-		add_header Cache-Control "public";
-	}
-	location ~ ^/streaming/.*\.m3u8.*$ {
+	location /streaming/ {
+		location ~ \.m3u8$ {
 			rewrite ^/streaming/(.*)$ /live/$1 break;
 			proxy_pass http://localhost:1935;
+			add_header Access-Control-Allow-Origin "*";
+			add_header X-Cache $upstream_cache_status;
+			expires -1;
 			proxy_cache livecache;
+			proxy_cache_key $scheme$proxy_host$uri;
 			proxy_cache_lock on;
-			expires -1;
 			proxy_cache_min_uses 1;
-			proxy_cache_valid 200 1s;
-			add_header X-Cache $upstream_cache_status;
-			add_header Access-Control-Allow-Origin "*";
-			proxy_cache_key $scheme$proxy_host$uri;
 			proxy_cache_use_stale updating;
-	}
-	location ~ /streaming/.*\.(ts).*$ {
+			proxy_cache_valid 200 1s;
+		}
+		location ~ \.ts$ {
 			rewrite ^/streaming/(.*)$ /live/$1 break;
 			proxy_pass http://localhost:1935;
+			add_header Access-Control-Allow-Origin "*";
+			add_header X-Cache $upstream_cache_status;
+			expires 2s;
 			proxy_cache livecache;
+			proxy_cache_key $scheme$proxy_host$uri;
 			proxy_cache_lock on;
-			expires 2s;
 			proxy_cache_min_uses 1;
 			proxy_cache_valid 200 10s;
-			add_header X-Cache $upstream_cache_status;
-			add_header Access-Control-Allow-Origin "*";
-			proxy_cache_key $scheme$proxy_host$uri;
+		}
+		# only urls to ts and m3u8 files are allowed, discard any requested path for other urls
+		rewrite ^/streaming/(.*)$ /live/ break;
+		proxy_pass http://localhost:1935/live/;
 	}
 	location / {
 		uwsgi_pass unix:///home/msuser/mstmp/uwsgi.sock;