I have the fallowing configuration to disable hotlinking on nginX.

        location / {
        root   /var/www/html;
        index  index.html index.htm;

    location ~ \.(xml|jpg|jpeg)$  {
         root /var/www/html;
         valid_referers  none blocked  www.domain.com dev.domain.net;
         if ($invalid_referer)  {
              return 444;

I have reloaded nginX several times and I am still able to access images from facebook. I have several folders within /var/www/html.

Am I missing something?

2 Answers2


Not sure if you know , but there is a bug in nginx and if that code is in separate file (not nginx.conf , reloading won't get the changes in included file; you will need to stop/start the nginx.

Also a bit change in logic, since you listed valid referrers wouldn't it be better to say

if (!$valid_referrer)

Hrvoje Špoljar
  • 5,162
  • 25
  • 42

Check refer in access log:

IP - - [20/Feb/2011:20:11:51 +0000] "GET /GET HTTP/1.1" 200 3710 "REFER" "USER_AGENT"


  • none means the absence of "Referer" header.
  • blocked means masked Referer header by firewall(non http(s))
  • 10,874
  • 1
  • 31
  • 31