Hi How can i disable hotlinking on Centminmod server? Thanks
THis goes in nginx.conf right? also im kinda confused where to pasthe code exactly a the very bottom? Can i return an image instead of 403?
With this setup: How to stop image Hotlinking on Nginx Your image will not be index by Google also? Specifically Google Image Search.
So config should be like this? idk if added the code in the correct place tho Code: user nginx nginx; worker_processes 3; worker_priority -10; worker_rlimit_nofile 260000; timer_resolution 100ms; error_log logs/error.log; pid logs/nginx.pid; pcre_jit on; events { worker_connections 2048; accept_mutex on; accept_mutex_delay 100ms; use epoll; #multi_accept on; } http { include /usr/local/nginx/conf/pagespeedadmin.conf; include /usr/local/nginx/conf/fastcgi_param_https_map.conf; log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"' ' "$connection" "$connection_requests" "$request_time"'; access_log logs/access.log combined buffer=32k; index index.php index.html index.htm; include mime.types; default_type application/octet-stream; charset utf-8; sendfile on; #sendfile_max_chunk 1m; tcp_nopush on; tcp_nodelay off; server_tokens off; server_name_in_redirect off; keepalive_timeout 10; keepalive_requests 100; lingering_time 20s; lingering_timeout 5s; keepalive_disable msie6; gzip on; gzip_vary on; gzip_disable "MSIE [1-6]\."; gzip_static on; gzip_min_length 1400; gzip_buffers 32 8k; gzip_http_version 1.0; gzip_comp_level 5; gzip_proxied any; gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml; client_body_buffer_size 256k; client_body_in_file_only off; client_body_timeout 60s; client_header_buffer_size 64k; ## how long a connection has to complete sending ## it's headers for request to be processed client_header_timeout 20s; client_max_body_size 10m; connection_pool_size 512; directio 4m; ignore_invalid_headers on; large_client_header_buffers 8 64k; output_buffers 8 256k; postpone_output 1460; proxy_temp_path /tmp/nginx_proxy/; request_pool_size 32k; reset_timedout_connection on; send_timeout 60s; types_hash_max_size 2048; server_names_hash_bucket_size 64; # for nginx proxy backends to prevent redirects to backend port # port_in_redirect off; open_file_cache max=10000 inactive=30s; open_file_cache_valid 120s; open_file_cache_min_uses 2; open_file_cache_errors off; open_log_file_cache max=4096 inactive=30s min_uses=2; location ~ .(gif|png|jpe?g)$ { valid_referers none blocked mywebsite.com *.mywebsite.com; if ($invalid_referer) { return 403; } } ## limit number of concurrency connections per ip to 16 ## add to your server {} section the next line ## limit_conn limit_per_ip 16; ## uncomment below line allows 500K sessions # limit_conn_log_level error; ####################################### # use limit_zone for Nginx <v1.1.7 and lower # limit_zone $binary_remote_addr zone=limit_per_ip:16m; ####################################### # use limit_conn_zone for Nginx >v1.1.8 and higher # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m; ####################################### include /usr/local/nginx/conf/conf.d/*.conf; }
not in nginx.conf but yourdomain.conf @RoldanLT google will index fine.. hotlink protection just prevents other domains other than yours to serve the image to visitors
Can i add it right below this Code: include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/php.conf; include /usr/local/nginx/conf/drop.conf; include /usr/local/nginx/conf/errorpage.conf; } Wich will result in this: Code: include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/php.conf; include /usr/local/nginx/conf/drop.conf; include /usr/local/nginx/conf/errorpage.conf; } location ~ .(gif|png|jpe?g)$ { valid_referers none blocked mywebsite.com *.mywebsite.com; if ($invalid_referer) { return 403; } } Is this method correct?
So I want to block this entire directory: /data/ /styles/ How can I combine them into one declaration without creating another set of location? Combining this: Code: location /data/ { valid_referers none blocked *.domain.com; if ($invalid_referer) { return 403; } } location /styles/ { valid_referers none blocked *.domain.com; if ($invalid_referer) { return 403; } }
Did it worked for you? because i tried it no results. I even tried: Code: location ~ \.(gif|png|jpg|jpeg|JPG|GIF|JPEG|PNG)$ { valid_referers none blocked domain.com *.domain.com; if ($invalid_referer) { rewrite \.(gif|png|jpg|jpeg|JPG|GIF|JPEG|PNG)$ http://bla bla/stop_stealing_hotlinking.png redirect; } } Same thing :/
you might need to comment out this include file first as it also has location context matches for static file extensions Code: #include /usr/local/nginx/conf/staticfiles.conf;
Regarding this hotlinking prevention. This code is valid? Code: location ~ .(gif|png|jpe?g)$ { valid_referers none blocked mywebsite.com *.mywebsite.com; if ($invalid_referer) { return 403; } } Where exactly should I put it into mydomain.conf? I want all images from my domain are protected, not just from one folder. Code: # Centmin Mod Getting Started Guide # must read http://centminmod.com/getstarted.html # For SPDY SSL Setup # read http://centminmod.com/nginx_configure_https_ssl_spdy.html # redirect from www to non-www forced SSL # uncomment, save file and restart Nginx to enable # if unsure use return 302 before using return 301 server { server_name pijanitvor.com www.pijanitvor.com; return 301 https://www.$server_name$request_uri; } server { listen 443 ssl http2; server_name pijanitvor.com www.pijanitvor.com; ## redirect https non-www to https www if ($host = 'pijanitvor.com' ) { return 301 https://www.pijanitvor.com$request_uri; } ssl_dhparam /usr/local/nginx/conf/ssl/pijanitvor.com/dhparam.pem; ssl_certificate /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-unified.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/pijanitvor.com/pijanitvor.com.key; include /usr/local/nginx/conf/ssl_include.conf; # mozilla recommended ssl_ciphers EECDH+CHACHA20-draft:EECDH+CHACHA20:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA; ssl_prefer_server_ciphers on; #######################add_header Alternate-Protocol 443:npn-spdy/3; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; #add_header X-Content-Type-Options "nosniff"; #add_header X-Frame-Options DENY; #######################spdy_headers_comp 5; ssl_buffer_size 1400; ssl_session_tickets on; #enable ocsp stapling resolver 8.8.8.8 8.8.4.4 valid=10m; resolver_timeout 10s; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-trusted.crt; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/pijanitvor.com/log/access.log combined buffer=256k flush=60m; error_log /home/nginx/domains/pijanitvor.com/log/error.log; root /home/nginx/domains/pijanitvor.com/public; location / { index index.php index.html index.htm; try_files $uri $uri/ /index.php?$uri&$args; include /usr/local/nginx/conf/blockbots.conf; } location /internal_data/ { internal; allow 127.0.0.1; allow 94.237.29.18; deny all; } location /library/ { internal; allow 127.0.0.1; allow 94.237.29.18; deny all; } # prevent access to ./directories and files location ~ (?:^|/)\. { deny all; } include /usr/local/nginx/conf/staticfiles.conf; include /usr/local/nginx/conf/php.conf; include /usr/local/nginx/conf/drop.conf; #include /usr/local/nginx/conf/errorpage.conf; include /usr/local/nginx/conf/vts_server.conf; } Also, any chance to put image in return against 403? All this question are asked in this thread before, but there is not clear answer or solution.
this thread outlines it all including link to http://www.scalescale.com/tips/nginx/how-to-stop-image-hotlinking-on-nginx/ tried those solutions ? also google How to protect against image hotlinking in Nginx | LinuxBSDos.com and nginx - Image hotlink protection using rewrite - nikhil's blog