nginx hotlink protection for missing referer, but allow direct URL request

Asked Nov 23 '18 at 14:18

Active Nov 23 '18 at 14:24

Viewed 829 times

I'm using the following hotlink protection for Nginx I found from this page:

https://nixcp.com/anti-hotlinking-nginx/

I use this code:

location ~* \.(gif|jpg|jpeg|png|webp|svg|ico)$ {

valid_referers none blocked mysite.com ~.mysite.com server_names ~($host);
    if ($invalid_referer) {
        return  403;
    } 
}

When I remove "none" from the valid_referers to prevent pages that hotlink without referer, I noticed this also affects direct URL requests from browser URL bar.

My question is: is there any way to block websites that hotlink and send requests with the “Referer” field is missing in the request header; but at the same time allow direct URL requests from the browser?

Thanks!

edited Nov 23 '18 at 14:24

asked Nov 23 '18 at 14:18

Steven Vorchk

Direct requests are the only case when there is no referrer. What case are you trying to prevent? – Gerald Schneider Nov 23 '18 at 14:21
Well, some pages are hotlinking my images sending requests with missing referers. I want to block those pages, but at the same time be able to request any image URL by the browser if I need to. – Steven Vorchk Nov 23 '18 at 14:22
@GeraldSchneider a website can hotlink without referrer this way: – Daniel Jul 17 '20 at 05:51

nginx hotlink protection for missing referer, but allow direct URL request

0 Answers0