Problem with Hotlink Protection
António P. P. Almeida
appa at perusio.net
Wed Sep 14 19:56:45 UTC 2011
On 14 Set 2011 17h22 WEST, nginx-forum at nginx.us wrote:
> Dear Francis,
>
> thank you very much indeed for taking the time to help me out. It
> seems that - with your help - I made it! :-) I inserted the
> "invalid_referrer" check within the "location ~* \.php$" block like
> you suggested and it works like a charm now!
>
> It looks like this:
> <-- SNIP -->
> location ~ \.php(.*)$ {
> valid_referers server_names;
> if ($invalid_referer) {
> return 403;
> }
>
> include fastcgi_params;
> fastcgi_intercept_errors on;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
> try_files $uri =404;
> fastcgi_pass 127.0.0.1:9000;
> error_page 404 /404page.html; #makes nginx return it's default 404
> # page instead of a blank page
>
I think that Francis suggestion is one that you should
consider. Restrict the referer checking to the image.php script only.
location = /image.php {
valid_referers server_names;
if ($invalid_referer) {
return 403;
}
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
error_page 404 /404page.html; # makes nginx return it's default 404
# page instead of a blank page
}
HTH,
--- appa
More information about the nginx
mailing list