Hotlink protection before proxy when using proxy_pass?
Reinis Rozitis
r at roze.lv
Fri May 25 16:27:45 UTC 2012
> The anti-hotlink stanza IS having an effect, just not the one I want.
> What do I need to correct?
It is because the regular expression locations are matched first ( http://wiki.nginx.org/HttpCoreModule#location ).
As in:
location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
is processed first and since nginx doesn't merge/apply directives from multiple (matching) location blocks the proxy_pass defined in
'location /' is not effective.
So you either have to duplicate the proxy_* block:
location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
valid_referers none blocked dev.local.lan *.dev.local.lan;
if ($invalid_referer) {
return 403;
}
proxy_pass http://PROXY;
proxy_redirect off;
.....
}
or use nested locations (I think it should work):
location / {
proxy_pass http://PROXY;
proxy_redirect off;
.....
location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
valid_referers none blocked dev.local.lan *.dev.local.lan;
if ($invalid_referer) {
return 403;
}
}
rr
More information about the nginx
mailing list