We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Prevent hotlinking w/ nginx support
Prevent hotlinking w/ nginx support
Sorry guys, Im a newbie on this kind of customization.
I'm trying to prevent hotlinking with nginx support simply addin this to my conf file. (/home/$user/conf/web/nginx.conf):
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
adding this in here:
server {
listen 104.236.196.70:80;
server_name mydomain.com http://www.mydomain.com;
error_log /var/log/apache2/domains/mydomain.com.error.log error;
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
location / {
proxy_pass http://104.236.196.70:8080;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx$
root /home/vitorsemc/web/mydomain.com/public_html;
access_log /var/log/apache2/domains/mydomain.com.log combined;
access_log /var/log/apache2/domains/mydomain.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
Does anyone know what am I doing wrong?
Thanks a bunch.
I'm trying to prevent hotlinking with nginx support simply addin this to my conf file. (/home/$user/conf/web/nginx.conf):
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
adding this in here:
server {
listen 104.236.196.70:80;
server_name mydomain.com http://www.mydomain.com;
error_log /var/log/apache2/domains/mydomain.com.error.log error;
location ~ \.(jpe?g|png|gif)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
location / {
proxy_pass http://104.236.196.70:8080;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx$
root /home/vitorsemc/web/mydomain.com/public_html;
access_log /var/log/apache2/domains/mydomain.com.log combined;
access_log /var/log/apache2/domains/mydomain.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
Does anyone know what am I doing wrong?
Thanks a bunch.
Re: Prevent hotlinking w/ nginx support
Hello,
I also would like to know how to properly do this by adding to the nginx.conf file.
For me, when (from within the vestacp, or via ssh) adding the following to the nginx config file:
location ~ .(gif|png|jpeg|jpg|svg)$ {
valid_referers none blocked ~.google. ~.bing. ~.yahoo. yoursite.com *.yoursite.com;
if ($invalid_referer) {
return 403;
}
}
It instantly breaks nginx, and i have to remove it to reboot nginx successfully.
I have found a few hotlinked images taken from several of our sites by visiting google.com/images and typing the following into the image search field: url:yourdomain.com -site:yourdomain.com
Further to this conversation, because apache is used for the backend, and nginx for serving the frontend, adding rewrite conditions to the .htaccess file for a particular site doesn't seem to have any effect in curbing the hotlinking. So my conclusion is that it has to be done through the nginx.conf file or a "custom" .conf file. Is this correct? And if so, how should this be done?
Thank you for your help.
I also would like to know how to properly do this by adding to the nginx.conf file.
For me, when (from within the vestacp, or via ssh) adding the following to the nginx config file:
location ~ .(gif|png|jpeg|jpg|svg)$ {
valid_referers none blocked ~.google. ~.bing. ~.yahoo. yoursite.com *.yoursite.com;
if ($invalid_referer) {
return 403;
}
}
It instantly breaks nginx, and i have to remove it to reboot nginx successfully.
I have found a few hotlinked images taken from several of our sites by visiting google.com/images and typing the following into the image search field: url:yourdomain.com -site:yourdomain.com
Further to this conversation, because apache is used for the backend, and nginx for serving the frontend, adding rewrite conditions to the .htaccess file for a particular site doesn't seem to have any effect in curbing the hotlinking. So my conclusion is that it has to be done through the nginx.conf file or a "custom" .conf file. Is this correct? And if so, how should this be done?
Thank you for your help.