Hotlink protection before proxy when using proxy_pass?
randallk867 at 123mail.org
randallk867 at 123mail.org
Fri May 25 18:51:13 UTC 2012
> or use nested locations (I think it should work):
That failed to work, still getting the same errors :-/
> So you either have to duplicate the proxy_* block:
I switched to
location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
valid_referers none blocked dev.local.lan
*.dev.local.lan;
if ($invalid_referer) {
return 403;
}
proxy_pass http://PROXY;
proxy_redirect off;
...
}
location / {
proxy_pass http://PROXY;
proxy_redirect off;
...
}
and for valid referrer (e.g., visiting the site from
mach2.dev.local.lan), the site renders correctly, and I can 'grab' all
image files for hotlinking.
BUT, I'm still able to hotlink to (for example)
http://dev.local.lan/favicon.ico
from a !whitelisted machine, e.g. visiting from other.other.lan.
RandyK
More information about the nginx
mailing list