Prevent hotlinking

Michael Shadle mike503 at gmail.com
Sun Apr 12 23:05:53 MSD 2009 

Possibly could be based on the player. I'm sure you can code in the  
headers.

On Apr 12, 2009, at 12:00 PM, Gabriel Ramuglia <gabe at vtunnel.com> wrote:

> Flash players may or may not send referrers. It seems to vary based on
> the web browser used. Documentation for flash would lead me to believe
> that it never sends referrers, but practical experience shows that
> this is not true, it does sometimes send headers, and sometimes not,
> in a mostly unpredictable way.
>
> On Sun, Apr 12, 2009 at 11:44 AM, Michael Shadle <mike503 at gmail.com>  
> wrote:
>> And video embedding is infamous for not sending info. At least  
>> windows media
>> player type embedding. Not sure if flash players are better.
>>
>> On Apr 12, 2009, at 11:35 AM, Gabriel Ramuglia <gabe at vtunnel.com>  
>> wrote:
>>
>>> Your browser will almost always send referrers. As mentioned,
>>> sometimes a security suite will block referrers. Sometimes flash  
>>> won't
>>> send referrers when it makes requests (sometimes it will). You just
>>> want to also allow blank referrers in addition to the "correct"
>>> referrers.
>>>
>>> On Sun, Apr 12, 2009 at 10:41 AM, Max <maxbear at gmail.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>> Thanks. I tried that. But it's still not working. I am using  
>>>> wordpress.
>>>> Don't know what referrer header wordpress send.
>>>>
>>>> Max
>>>>
>>>> On Mon, Apr 13, 2009 at 12:40 AM, Michael Shadle  
>>>> <mike503 at gmail.com>
>>>> wrote:
>>>>>
>>>>> Try
>>>>>
>>>>> "valid_referers none blocked *.etc.com etc"
>>>>>
>>>>> perhaps you're not sending a referrer header. Some "internet  
>>>>> security
>>>>> suites" do that for "privacy" and I hate them. or malfunctioning
>>>>> browsers or some browsers include that option now.
>>>>>
>>>>> that's the only thing I see wrong there.
>>>>>
>>>>> On Sun, Apr 12, 2009 at 8:45 AM, Max <maxbear at gmail.com> wrote:
>>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> I tried to use the following code to prevent hotlinking. But it  
>>>>>> blockes
>>>>>> myself as well, anyone got any idea?
>>>>>>
>>>>>> location ~* (\.jpg|\.png|\.css)$ {
>>>>>>    valid_referers blocked domain.com *.domain.com;
>>>>>> if ($invalid_referer) {
>>>>>> return 404;
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Max
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>

More information about the nginx mailing list