What's new

Tutorial How to protect against image hot linking in Nginx Web Server

Status
Not open for further replies.

Draft

Administrator
Administrator
Joined
Jan 23, 2011
Posts
16,286
Solutions
104
Reaction
64,687
Points
10,618
I had two options: 1. Configure Nginx to refuse to serve images to the thief; 2. Serve a special image that tells the whole universe that the owner of the website they are viewing is a parasite. Because majority of the articles published on this site tend to be image-heavy, serving a special image that delivers a message will have the same impact on my bandwidth, so I chose option number 1.

In the site’s config file, I put this in the server{} context:

location ~* \.(jpg|jpeg|png)$ {
valid_referers none blocked phcorner.net phcorner.net;
if ($invalid_referer) {
return 403;
}
}

That works. Every image hotlinked from this website will just show the “alt” text on the thief’s website, with a lot of white space where the image is supposed to be. Any attempt to view the image will return a “403 Forbidden” error page. I’m pretty sure that’s the best configuration to use, but if you know of a better manner of setting it up, please post a comment.

The other option, which I did not use, is this:


location ~* \.(jpg|jpeg|png)$ {
valid_referers none blocked phcorner.net phcorner.net;
if ($invalid_referer) {
rewrite (.*)\.(jpg|jpeg|png|gif)$ https://phcorner.net/parasite.png last;
}
}

That rewrite line can be tricky to pull off, so be careful if you want to consider using it. If the message and the color combination seems a bit harsh, that tells you how I feel about the offender. For now, a “403 Forbidden” will do.
 
Status
Not open for further replies.
Back
Top