Hotlink protection before proxy when using proxy_pass?

Reinis Rozitis r at roze.lv
Fri May 25 16:27:45 UTC 2012


> The anti-hotlink stanza IS having an effect, just not the one I want.
> What do I need to correct?

It is because the regular expression locations are matched first (http://wiki.nginx.org/HttpCoreModule#location).

As in:

location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
is processed first and since nginx doesn't merge/apply directives from multiple (matching) location blocks the proxy_pass defined in 
'location /' is not effective.


So you either have to duplicate the proxy_* block:

location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
    valid_referers none blocked dev.local.lan *.dev.local.lan;

    if ($invalid_referer) {
        return 403;
    }
    proxy_pass     http://PROXY;
    proxy_redirect off;
    .....
}


or use nested locations (I think it should work):


location / {
    proxy_pass     http://PROXY;
    proxy_redirect off;
    .....

    location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
        valid_referers none blocked dev.local.lan *.dev.local.lan;
        if ($invalid_referer) {
            return 403;
        }
        # proxy_pass is not inherited by a nested location, so repeat it here
        proxy_pass http://PROXY;
    }
}



rr
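
Added example, not part of the original post: a simplified Python model of nginx location selection, showing why image requests land in the regex location that has no proxy_pass, and how duplicating the proxy_* directives there fixes it. The BROKEN and FIXED lists are constructed from the configuration described in the post; select_location and effective_directives are hypothetical helper names, and nested and named locations are not modelled.

```python
import re

# Simplified model of nginx location selection (added example; handles the
# "=", "^~", "~", "~*" and plain prefix modifiers only).
def select_location(locations, uri):
    """Return the single (modifier, pattern, directives) tuple that serves uri."""
    path = uri.split("?", 1)[0]           # locations are matched against the path, not the query
    best_prefix = None
    for loc in locations:
        mod, pat, _ = loc
        if mod == "=" and path == pat:
            return loc                     # exact match ends the search
        if mod in ("", "^~") and path.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = loc          # remember the longest matching prefix
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix                 # ^~ suppresses the regex pass
    for loc in locations:                  # regexes are tried in config order
        mod, pat, _ = loc
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, path, flags):
                return loc                 # first matching regex beats any plain prefix
    return best_prefix

def effective_directives(locations, uri):
    """Directives of the chosen location only: sibling locations are never merged."""
    loc = select_location(locations, uri)
    return loc[2] if loc else None

IMG = r"\.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$"
REFERERS = {"valid_referers": "none blocked dev.local.lan *.dev.local.lan"}
PROXY = {"proxy_pass": "http://PROXY", "proxy_redirect": "off"}

# Constructed from the post: the original layout and the "duplicate the block" fix.
BROKEN = [("", "/", PROXY), ("~*", IMG, REFERERS)]
FIXED = [("", "/", PROXY), ("~*", IMG, {**REFERERS, **PROXY})]

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        for uri in ("/index.html", "/img/logo.PNG", "/img/logo.png?123"):
            print(name, uri, "->", effective_directives(conf, uri))
```
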


