Hotlink Protection Problem

Maxim Dounin mdounin at mdounin.ru
Tue Jun 9 12:24:55 MSD 2009


Hello!

On Tue, Jun 09, 2009 at 03:49:39AM -0400, jerleung wrote:

> I was trying to prevent hotlinking for http://mydomain.com/photos/
> 
> then I use the following in nginx.conf
> 
>                 location ~ /photos/ {
>                         valid_referers none blocked server_names;
>                         if ($invalid_referer) {
>                         return 403;
>                   }
>                 }
> 
> I found that it will block hotlinking from other sites and return 403. However, it will return 404 when the referer is mydomain.com
> 
> After testing for quite some time, I found that the following will work 
> 
>                 location ~ /upload/ {

Any reason to use "~"?  It does regexp matching instead of prefix 
one and shouldn't be used unless required.

>                         root /home/domainuser/domains/mydomin.com/public_html;
>                         valid_referers none blocked server_names;
>                         if ($invalid_referer) {
>                         return 403;                  }
>                 }
> 
> It only works when I add root to it. Yet, most tutorial does not state that. Is it a buy on nginx 0.7.59 or I have set something wrong in the nginx.conf so that I have to add the root?

Normally root is inherited from upper configuration levels.  E.g. 
you may specify root once for server{}:

    server {
        server_name  mydomain.com;
        root  /home/domainuser/domains/mydomin.com/public_html;

        location / {
            ...
        }

        location /upload/ {
            valid_referers none blocked server_names;
            if ($invalid_referer) {
                return 403;
            }
        }
    }

Maxim Dounin





More information about the nginx mailing list