Problem with Direct-Linking-Prevention

Tamashii tamashii at jeranet.at
Tue Aug 23 09:00:30 UTC 2011


Hello!

Yesterday I've switched from Apache2 to Nginx - and ran into some 
problems with the rewrite Rules.

I tried to do something like:

SetEnvIf Referer mydomain\.com localreferer
<FilesMatch \.(rar|zip)$>
         Order deny,allow
         Deny from all
         Allow from env=localreferer
</FilesMatch>

(Which worked on Apache.)

And I came up with this:

         ## Stop Download Hijacking
         location ~* (\.rar|\.zip)$ {
                 if ($http_referer !~ 
^(http://www.mydomain.com|http://mydomain.com) ) {
                         return 444;
                 }
         }

Whole config for this server is:

server {
         root /home/mydomain/files;
         index index.php index.html;
         server_name download.mydomain.com;

         ## Stop Download Hijacking
         location ~* (\.rar|\.zip)$ {
                 if ($http_referer !~ 
^(http://www.mydomain.com|http://mydomain.com) ) {
                         return 444;
                 }
         }
         location / {
                 try_files $uri $uri/ /index.php;
         }

         include /etc/nginx/php;
}

Problem is - it seems to do nothing at all ... I can type a download 
link into my browser and it loads (should block that unless it was 
refered from mydomain).

Has anyone any ideas?

Thanks in advance!
Alexander



More information about the nginx mailing list