Problem with Direct-Linking-Prevention

António P. P. Almeida appa at perusio.net
Wed Aug 24 18:29:21 UTC 2011


On 23 Ago 2011 10h00 WEST, tamashii at jeranet.at wrote:

> Hello!
>
> Yesterday I've switched from Apache2 to Nginx - and ran into some 
> problems with the rewrite Rules.
>
> I tried to do something like:
>
> SetEnvIf Referer mydomain\.com localreferer
> <FilesMatch \.(rar|zip)$>
> Order deny,allow
> Deny from all
> Allow from env=localreferer
> </FilesMatch>
>
> (Which worked on Apache.)
>
> And I came up with this:
>
> ## Stop Download Hijacking
> location ~* (\.rar|\.zip)$ {
> if ($http_referer !~ 
> ^(http://www.mydomain.com|http://mydomain.com) ) {
> return 444;
> }
> }

Cf. http://wiki.nginx.org/NginxHttpRefererModule

Try:


## No download hijacking.
location ~* \.(?:rar|zip)$ {

    valid_referers none blocked www.mydomain.com mydomain.com {
        if ($invalid_referer) {
          return 444;
        }
    }
}

--- appa



More information about the nginx mailing list