Hotlinking protection not working on firefox 28.0!

Hello,

Hotlinking protection works fine with Chrome and gives a 403 forbidden error, but somehow it is not working for Firefox clients and plays the forbidden video without restrictions. Following is the config:

server {
    listen 80;
    server_name lwx006.domain.com lwx006.gear3rd.net lwx006.gear3rd.com;

    limit_conn perip 2;

    limit_rate 600k;
#    access_log  /websites/theos.in/logs/access.log  main;

    location / {
        root   /var/www/html/domain;
        index index.html index.htm index.php;
    }

    location ~ .(flv|jpg|jpeg)$ {
        flv;
        root /var/www/html/domain;
        limit_conn addr 5;
        limit_req zone=one burst=12;
        aio on;
        directio 512;
        output_buffers 1 512k;
        expires 7d;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com *.domain.com *.gear3rd.net tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        if ($invalid_referer) {
            return 403;
        }
    }

    location ~ -720.(mp4)$ {
        mp4;
        expires 7d;
        limit_rate 2000k;
        root /var/www/html/domain;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com *.domain.com *.gear3rd.net tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        if ($invalid_referer) {
            return 403;
        }
    }

    location ~ -480.(mp4)$ {
        mp4;
        expires 7d;
        limit_rate 250k;
        root /var/www/html/domain;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com *.domain.com *.gear3rd.net tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        if ($invalid_referer) {
            return 403;
        }
    }

    location ~ -360.(mp4)$ {
        mp4;
        expires 7d;
        limit_rate 250k;
        root /var/www/html/domain;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com *.domain.com *.gear3rd.net tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        if ($invalid_referer) {
            return 403;
        }
    }

    location ~ .(mp4)$ {
        mp4;
        root /var/www/html/domain;
        limit_conn addr 40;
        limit_req zone=one burst=4;
        aio on;
        directio 4m;
        output_buffers 1 128k;
        expires 7d;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        valid_referers none blocked domain.com *.domain.com *.facebook.com *.twitter.com *.domain.com *.gear3rd.net tunemedia.tv www.tunemedia.tv embed.tunemedia.tv;
        if ($invalid_referer) {
            return 403;
        }
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        root /var/www/html/domain;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny  all;
    }
}

Help will be highly appreciated!!

Regards.
Shahzaib

On Mon, Mar 24, 2014 at 12:14:20PM +0500, shahzaib shahzaib wrote:

Hi there,

hotlinking protection works fine with chrome and gives 403 forbidden error but somehow it is not working for firefox clients and plays the forbidden video without restrictions. Following is the config :

Using tcpdump or by other means, can you see:

  • what request does the chrome client make that leads to the 403?

  • what request does the firefox client make that leads to the video
    being played?

  • what is different between the two?

Pay particular attention to the “Referer:” request header.

f

Francis D.
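
The comparison suggested in the reply above can be done by running each browser's captured Referer value through the posted valid_referers list. The following is an added example, not part of the original thread and not nginx's own code: a simplified Python model of the documented matching rules, in which a request with no Referer header is accepted because of `none` and a value without an http(s) scheme because of `blocked`. The function names and sample values are constructed for illustration.

```python
# Simplified model of nginx's documented valid_referers matching; not nginx source.
# Regex ("~...") names and names with a URI part are not modelled.

# Union of the arguments in the posted valid_referers directives.
RULES = ["none", "blocked", "domain.com", "*.domain.com", "*.facebook.com",
         "*.twitter.com", "*.gear3rd.net", "tunemedia.tv",
         "www.tunemedia.tv", "embed.tunemedia.tv"]


def referer_host(referer):
    """Return the lowercased host of an http(s) Referer, or None if it has no such scheme."""
    lower = referer.lower()
    for scheme in ("http://", "https://"):
        if lower.startswith(scheme):
            # The host ends at the first '/' or ':' (the port is ignored).
            return lower[len(scheme):].replace(":", "/").split("/", 1)[0]
    return None


def check_referer(referer, rules=RULES):
    """Return (allowed, deciding_rule); referer=None means the header was absent."""
    if referer is None:
        return ("none" in rules, "none")
    host = referer_host(referer)
    if host is None:
        return ("blocked" in rules, "blocked")
    for rule in rules:
        if rule in ("none", "blocked"):
            continue
        if rule.startswith("*.") and host.endswith(rule[1:]):
            return (True, rule)          # leading wildcard: any subdomain
        if rule.endswith(".*") and host.startswith(rule[:-1]):
            return (True, rule)          # trailing wildcard: any suffix
        if host == rule:
            return (True, rule)          # exact host name
    return (False, None)                 # $invalid_referer would be set


# Constructed sample Referer values (None = header not sent).
SAMPLES = [None, "http://www.domain.com/watch/1",
           "https://embed.tunemedia.tv:8443/e/1",
           "http://other.example/page.html", "about:blank"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", check_referer(value))
```

Replace the constructed samples with the Referer values seen in the tcpdump capture or access log for each browser to see which rule, if any, lets the request through.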
