Hotlink Protection Problem
Maxim Dounin
mdounin at mdounin.ru
Tue Jun 9 12:24:55 MSD 2009
Hello!
On Tue, Jun 09, 2009 at 03:49:39AM -0400, jerleung wrote:
> I was trying to prevent hotlinking for http://mydomain.com/photos/
>
> then I use the following in nginx.conf
>
> location ~ /photos/ {
> valid_referers none blocked server_names;
> if ($invalid_referer) {
> return 403;
> }
> }
>
> I found that it will block hotlinking from other sites and return 403. However, it will return 404 when the referer is mydomain.com
>
> After testing for quite some time, I found that the following will work
>
> location ~ /upload/ {
Any reason to use "~"? It does regexp matching instead of prefix
one and shouldn't be used unless required.
> root /home/domainuser/domains/mydomin.com/public_html;
> valid_referers none blocked server_names;
> if ($invalid_referer) {
> return 403; }
> }
>
> It only works when I add root to it. Yet, most tutorial does not state that. Is it a buy on nginx 0.7.59 or I have set something wrong in the nginx.conf so that I have to add the root?
Normally root is inherited from upper configuration levels. E.g.
you may specify root once for server{}:
server {
server_name mydomain.com;
root /home/domainuser/domains/mydomin.com/public_html;
location / {
...
}
location /upload/ {
valid_referers none blocked server_names;
if ($invalid_referer) {
return 403;
}
}
}
Maxim Dounin
More information about the nginx
mailing list