
How do I redirect only when a user tries to access image files directly in the browser? I still want to keep the ability for social media sites to embed our images by hotlinking. I only want to redirect when a user accesses an image directly in the browser.

This is my nginx conf

proxy_cache_path /var/www/img.example.com/htdocs/cache-store levels=1:2 keys_zone=pixstore:10m max_size=5g inactive=7d use_temp_path=off;
server {

    server_name img.example.com www.img.example.com;

    access_log /var/log/nginx/img.example.com.access.log ;
    error_log /var/log/nginx/img.example.com.error.log;

    add_header X-Proxy-Cache $upstream_cache_status;
    location / {
        proxy_cache pixstore;
        proxy_cache_revalidate on;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_lock on;
        add_header X-Cache-Status $upstream_cache_status;
        proxy_pass http://xxx.xxx.xxx.xxx:8090;
        proxy_redirect off;
        include proxy_params;
        proxy_cache_valid 200 7d;
        proxy_cache_valid 404 5m;
    }

    location ~ "^/c/600x1200_90_webp/img-master/img/\d+/\d+/\d+/\d+/\d+/\d+/((?<filenum>\d+)[^/]+\.(jpg|png|webp))$" {
        valid_referers server_names;
        proxy_pass http://xxx.xxx.xxx.xxx:8090;
        if ($invalid_referer = "0") {
            return 301 http://view.example.com/artwork/$filenum;
        }
    }

}

The redirect isn’t working. How can I fix this?

3 Answers


  1. I think you would be a lot better off doing it with something like Node.js: test the User-Agent string against a regular expression, and if it contains something that browsers have, like the text "Chrome", "Firefox", etc., then redirect.

  2. How about whitelisting social media’s agent IP instead?

    For example, this is how you find all IP addresses used by Facebook’s agent:

    whois -h whois.radb.net -- '-i origin AS32934' | grep ^route 
    

    then add this to your nginx conf

    location ~ /(?<filenum>\d+)[^/]*\.(jpg|png|webp)$ {
        allow 69.63.176.0/20;
        allow 66.220.144.0/20;
        ...
        deny all;
        error_page 403 http://view.example.com/artwork/$filenum;
    }
    

    And perhaps you may want to check your regex using this site.

  3. I would consider the referer. Here is the nginx module, here is an article with some explanation, and a gist with a piece of code. So basically, you need to have the module, and then you can use something like this:

    # apply this rule on any location that’s an image, using a regexp
    location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
        # valid referers: empty, blocked, or whitelisted; anything else is rejected below
        valid_referers none blocked ~.example.com ~.google. ~.yahoo. ~.bing. ~.facebook. ~.fbcdn.;
        if ($invalid_referer) {
            return 403;
        }
    }
    

    Where example.com is your domain. Let me know how it goes – I’ll update answer if needed.

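A corrected form of the question's location block, built on the referer module from answer 3. This is an added example, not part of the original posts. It assumes the goal is to redirect only requests that carry no http(s) Referer; the hostnames, upstream address and path pattern are the question's placeholders, and the proxy and cache directives are copied from its `location /` block.

```nginx
# Added example. $invalid_referer is "" when the Referer is accepted and "1"
# when it is not. It never holds "0", so `if ($invalid_referer = "0")` cannot match.
location ~ "^/c/600x1200_90_webp/img-master/img/\d+/\d+/\d+/\d+/\d+/\d+/((?<filenum>\d+)[^/]+\.(jpg|png|webp))$" {
    # "none" and "blocked" are deliberately left out: a request with no Referer
    # header, or with one that lacks an http(s):// prefix, is then invalid.
    # "~." is a regex matched against the text after the scheme, so any
    # non-empty http(s) Referer (a page embedding the image) is valid.
    valid_referers ~.;

    # `return` runs in the rewrite phase, before the cache or upstream is used.
    if ($invalid_referer) {
        return 301 http://view.example.com/artwork/$filenum;
    }

    # A regex location does not inherit proxy settings from `location /`,
    # so the ones from the question are repeated here.
    proxy_cache pixstore;
    proxy_cache_revalidate on;
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    proxy_cache_lock on;
    proxy_cache_valid 200 7d;
    proxy_cache_valid 404 5m;
    proxy_pass http://xxx.xxx.xxx.xxx:8090;
    proxy_redirect off;
    include proxy_params;
}
```

The Referer header is set by the client, so this steers ordinary browsers to the artwork page and does not restrict access to the files. Any client that omits the header is redirected too, including embeds on pages whose referrer policy suppresses it.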