Nginx Valid Referer - Access Control - Help Wanted

Francis Daly francis at
Fri Feb 7 00:09:02 UTC 2020

On Thu, Feb 06, 2020 at 06:02:50PM -0500, AshleyinSpain wrote:

Hi there,

> > > server {
> > >    location /radio/ {
> > >        valid_referers none blocked server_names ~\.mysite\.;
> > >        if ($invalid_referer) { return 403; }
> > >    }
> > > }

> I deleted the 'none' and 'blocked' and no difference still not blocking
> direct access to the URL
> Tried adding it in its own block and adding it to the end of an existing
> block neither worked
> Is the location /radio/ part ok
> I am trying to block direct access to any URL with a directory /radio/
> The URLs look like sub.domain.tld/radio/1234/mytrack.mp3?45678901

In nginx, one request is handled in one location.

If /radio/ is the location that you configured to handle this request,
then the config should apply.

If you have, for example, "location ~ mp3", then *that* would probably
be the location that is configured to handle this request (and so that
is where this "return 403;" should be.

You could try changing the line to be "location ^~ /radio/ {", but
without knowing your full config, it is hard to know if that will fix
things or break them.

> I need it so the URL is only served if a link on *.mysite.* is clicked ie
> the track is only played through an html5 audio player on mysite

That is not a thing that can be done reliably.

If "unreliable" is good enough for you, then carry on. Otherwise, come
up with a new requirement that can be done.


Francis Daly        francis at

More information about the nginx mailing list