Hotlink Protection Problem


#1

I was trying to prevent hotlinking for http://mydomain.com/photos/

then I use the following in nginx.conf

            location ~ /photos/ {
                    valid_referers none blocked server_names;
                    if ($invalid_referer) {
                    return 403;
              }
            }

I found that it will block hotlinking from other sites and return 403.
However, it will return 404 when the referer is mydomain.com

After testing for quite some time, I found that the following will work

            location ~ /upload/ {
                    root 

/home/domainuser/domains/mydomin.com/public_html;
valid_referers none blocked server_names;
if ($invalid_referer) {
return 403; }
}

It only works when I add root to it. Yet, most tutorial does not state
that. Is it a buy on nginx 0.7.59 or I have set something wrong in the
nginx.conf so that I have to add the root?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,2730,2730#msg-2730


#2

Hello!

On Tue, Jun 09, 2009 at 03:49:39AM -0400, jerleung wrote:

I found that it will block hotlinking from other sites and return 403. However, it will return 404 when the referer is mydomain.com

After testing for quite some time, I found that the following will work

            location ~ /upload/ {

Any reason to use “~”? It does regexp matching instead of prefix
one and shouldn’t be used unless required.

                    root /home/domainuser/domains/mydomin.com/public_html;
                    valid_referers none blocked server_names;
                    if ($invalid_referer) {
                    return 403;                  }
            }

It only works when I add root to it. Yet, most tutorial does not state that. Is it a buy on nginx 0.7.59 or I have set something wrong in the nginx.conf so that I have to add the root?

Normally root is inherited from upper configuration levels. E.g.
you may specify root once for server{}:

server {
    server_name  mydomain.com;
    root  /home/domainuser/domains/mydomin.com/public_html;

    location / {
        ...
    }

    location /upload/ {
        valid_referers none blocked server_names;
        if ($invalid_referer) {
            return 403;
        }
    }
}

Maxim D.


#3

Thanks Maxim. I have made one mistake. I read some tutorial on the web
and I have put root under location /

Really thanks for your reply.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,2730,2740#msg-2740