Problem with Hotlink Protection

António P. P. Almeida appa at perusio.net
Sat Sep 17 22:49:01 UTC 2011


On 16 Set 2011 19h47 WEST, nginx-forum at nginx.us wrote:

> Thank you both! I totally agree with you, but as soon as I restrict
> referer checking to the image.php script only, there is a flaw
> appearing: image.php then gets downloaded by the browser instead of
> displaying it. Do you have any idea why this happens? It would be
> great if I could restrict the check only to this one .php file, but
> - as said
> - it does not work here...

No I don't. If you replicated the FastCGI stuff it should work. The
request should be sent upstream to the FastCGI listener that you have
on port 9000.

Your config had a strange thing. You used a try_files directive. That
doesn't make sense unless you're serving the file directly or using
another location (try_files does an internal redirect).

My suggestion omitted that. The $fastcgi_script_name variable takes as
value the $uri. In this case image.php.

If you request
http://www.mydomain.com/image.php?twg_album=album-05900-05999&twg_show=image-05995.jpg

this location is used and the request is handled upstream bu the
FastCGI process that will use image.php and whatever arguments you
give.

--- appa



More information about the nginx mailing list