Preventing hotlinking at "http" level, not server by server..

pk899 nginx-forum at
Wed May 16 10:22:41 UTC 2012

Hi. There are many code samples on the web for simple hotlinking. 

I have some questions on how to do this in a better way, and all my
trial code has not worked, so hope some Nginx guru here can help. 

Here's what I am looking for: 

1. Firstly, I would like the blocking to happen at a server-wide level.
Nginx is on a dedicated server, and there are many "server" vhost tags
in a folder. I prefer not to have to write the blocking code for every
server individually. Is this possible at an "http" level? What's the
code for that. 

2. Secondly, I have about 35 domains and many subdomains. I don't want
them to be in one long line. But all my "vhost" server tags are inside a
directory. Can I somehow specify Nginx to allow all those domains whose
server definitions are in a folder? (/etc/nginx/vhosts) 

3. Will the "IF" condition slow down my Nginx? I remember reading that
Nginx does not like IF conditions. 

4. I want to allow some additional domains like Google and Facebook and
Pinterest. What's a good way to include this in the allowable list. 

5. Finally, if I do have to include this directive in each "server"
block for each of my domains, can I at least bundle the commands for
these type of files as such: 

    location ~* \.(png|gif|jpg|jpeg|swf|ico|)$ {
      expires 7d;
      try_files $uri @backend;
      valid_referers none blocked ~\.google\.
~\.yahoo\. ~\.bing\. ~\.facebook\. ~\.fbcdn\.;
      if ($invalid_referer) {
        return 403;


Posted at Nginx Forum:,226491,226491#msg-226491

More information about the nginx mailing list