Vesta 2.0 is coming soon! See our progress update: https://vestacp.com/docs/vesta-2-update
Prevent hotlinking w/ nginx support
Prevent hotlinking w/ nginx support
Sorry guys, Im a newbie on this kind of customization.
I'm trying to prevent hotlinking with nginx support simply addin this to my conf file. (/home/$user/conf/web/nginx.conf):
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
adding this in here:
server {
listen 104.236.196.70:80;
server_name mydomain.com http://www.mydomain.com;
error_log /var/log/apache2/domains/mydomain.com.error.log error;
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
location / {
proxy_pass http://104.236.196.70:8080;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx$
root /home/vitorsemc/web/mydomain.com/public_html;
access_log /var/log/apache2/domains/mydomain.com.log combined;
access_log /var/log/apache2/domains/mydomain.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
Does anyone know what am I doing wrong?
Thanks a bunch.
I'm trying to prevent hotlinking with nginx support simply addin this to my conf file. (/home/$user/conf/web/nginx.conf):
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
adding this in here:
server {
listen 104.236.196.70:80;
server_name mydomain.com http://www.mydomain.com;
error_log /var/log/apache2/domains/mydomain.com.error.log error;
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
location / {
proxy_pass http://104.236.196.70:8080;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx$
root /home/vitorsemc/web/mydomain.com/public_html;
access_log /var/log/apache2/domains/mydomain.com.log combined;
access_log /var/log/apache2/domains/mydomain.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
Does anyone know what am I doing wrong?
Thanks a bunch.
Re: Prevent hotlinking w/ nginx support
Hello,
I also would like to know how to properly do this by adding to the nginx.conf file.
For me, when (from within the vestacp, or via ssh) adding the following to the nginx config file:
location ~ .(gif|png|jpeg|jpg|svg)$ {
valid_referers none blocked ~.google. ~.bing. ~.yahoo. yoursite.com *.yoursite.com;
if ($invalid_referer) {
return 403;
}
}
It instantly breaks nginx, and i have to remove it to reboot nginx successfully.
I have found a few hotlinked images taken from several of our sites by visiting google.com/images and typing the following into the image search field: url:yourdomain.com -site:yourdomain.com
Further to this conversation, because apache is used for the backend, and nginx for serving the frontend, adding rewrite conditions to the .htaccess file for a particular site doesn't seem to have any effect in curbing the hotlinking. So my conclusion is that it has to be done through the nginx.conf file or a "custom" .conf file. Is this correct? And if so, how should this be done?
Thank you for your help.
I also would like to know how to properly do this by adding to the nginx.conf file.
For me, when (from within the vestacp, or via ssh) adding the following to the nginx config file:
location ~ .(gif|png|jpeg|jpg|svg)$ {
valid_referers none blocked ~.google. ~.bing. ~.yahoo. yoursite.com *.yoursite.com;
if ($invalid_referer) {
return 403;
}
}
It instantly breaks nginx, and i have to remove it to reboot nginx successfully.
I have found a few hotlinked images taken from several of our sites by visiting google.com/images and typing the following into the image search field: url:yourdomain.com -site:yourdomain.com
Further to this conversation, because apache is used for the backend, and nginx for serving the frontend, adding rewrite conditions to the .htaccess file for a particular site doesn't seem to have any effect in curbing the hotlinking. So my conclusion is that it has to be done through the nginx.conf file or a "custom" .conf file. Is this correct? And if so, how should this be done?
Thank you for your help.