
Wordpress Not able to enable hotlink protection

Discussion in 'Blogs & CMS usage' started by Fernando, May 16, 2019 at 10:19 AM.

  1. Fernando

    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed:123.09beta01
    • Nginx Version Installed: 1.15.12
    • PHP Version Installed: 7.3.4
    • MariaDB MySQL Version Installed: 10.3.14
    • When was last time updated Centmin Mod code base ? : today
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? You can check via this command:
      Code (Text):
      cat /etc/centminmod/custom_config.inc
      MARCH_TARGETNATIVE='n'
      LETSENCRYPT_DETECT='y'
      DUALCERTS='y'
      NGXDYNAMIC_NGXPAGESPEED='y'
      NGINX_PAGESPEED='n'
      
      
      [*]

    I'm trying to enable hotlink protection; however, it doesn't seem to be working, so I'm wondering if someone can take a look or share the configuration.

    Basically this is my vhost
    Code:
    [00:08][[email protected] log]# cat /usr/local/nginx/conf/conf.d/zonamotriz.com.ssl.conf
    
    #x# HTTPS-DEFAULT
    map $http_host $blogid {
        default       -999;
                    include /home/nginx/domains/zonamotriz.com/public/wp-content/uploads/nginx-helper/map.conf;
    }
    
     server {
    
       server_name zonamotriz.com *.zonamotriz.com;
       return 302 https://$host$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name zonamotriz.com *.zonamotriz.com;
    
      include /usr/local/nginx/conf/ssl/zonamotriz.com/zonamotriz.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/zonamotriz.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      # NOTE(review): this list still offers 3DES (DES-CBC3-SHA), CBC-mode suites and
      # static-RSA key exchange suites (e.g. AES128-SHA, AES128-GCM-SHA256) for legacy
      # clients; trim it if such clients no longer need to be supported.
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      # NOTE(review): nginx passes server-level add_header lines down only to locations
      # that declare no add_header of their own. The /wp-content/uploads locations in this
      # vhost set their own, so the two headers below are not sent for those images; the
      # curl -I output later in the thread shows neither of them.
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/zonamotriz.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/zonamotriz.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/zonamotriz.com/autoprotect-zonamotriz.com.conf;
      root /home/nginx/domains/zonamotriz.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/zonamotriz.com/wpcacheenabler_zonamotriz.com.conf;
      #include /usr/local/nginx/conf/wpincludes/zonamotriz.com/wpsupercache_zonamotriz.com.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/wpincludes/zonamotriz.com/rediscache_zonamotriz.com.conf;
    
      # Catch-all location: serves an existing file or directory, otherwise hands the
      # request to WordPress' /index.php with the original query string.
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      try_files $uri $uri/ /index.php?$args;
    
      # Closes the connection without a response (444) when the query string starts with
      # author=<digit>, i.e. WordPress author-archive lookups by numeric id.
      # NOTE(review): the ^ anchor covers author= only as the first parameter;
      # "(^|&)author=\d" would cover any position in the query string.
      if ($args ~ "^author=\d") { return 444; }
      }
    
      # Rewrites for subdomains
      rewrite /wp-admin$ $scheme://$host$uri/ permanent;
      #rewrite ^/(wp-.*)$ /wordpress/$1 last;
      #rewrite ^/(/.*\.php) /wordpress$1 last;
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/zonamotriz.com/htpasswd_wplogin;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        deny all;
        access_log off;
        log_not_found off;
        #limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /debug\.log$ {
        deny all;
    }
    
    
    location /wp-content/uploads/2018 {
      #pagespeed off;
      autoindex off;
      #add_header X-Robots-Tag "noindex, nofollow";
      location ~* ^/wp-content/uploads/2018/.+\.(png|jpe?g)$ {
      expires 8d;
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, no-transform";
      try_files $uri$webp_extension $uri =404;
    
      }
    }
    
    location /wp-content/uploads/2019 {
      #pagespeed off;
      autoindex off;
      #add_header X-Robots-Tag "noindex, nofollow";
      location ~* ^/wp-content/uploads/2019/.+\.(png|jpe?g)$ {
      expires 8d;
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, no-transform";
      try_files $uri$webp_extension $uri =404;
    
      }
    }
    
    location /wp-content/uploads/sites/3/2019 {
      #pagespeed off;
      autoindex off;
      #add_header X-Robots-Tag "noindex, nofollow";
      location ~* ^/wp-content/uploads/sites/3/2019/.+\.(png|jpe?g)$ {
      expires 8d;
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, no-transform";
      try_files $uri$webp_extension $uri =404;
    
      }
    }
    
    location /wp-content/uploads/sites/3/2018 {
      #pagespeed off;
      autoindex off;
      #add_header X-Robots-Tag "noindex, nofollow";
      location ~* ^/wp-content/uploads/sites/3/2018/.+\.(png|jpe?g)$ {
      expires 8d;
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, no-transform";
      try_files $uri$webp_extension $uri =404;
    
      }
    }
    
    location ~* /(.*)/(.*)/(.*)/santa-catalina-de-alejandria {
            return 302 https://dev.zonamotriz.com;
    }
    
    location ~ ^/(wp-signup\.php) {
            return 302 https://zonamotriz.com/register;
    
    }
    # Restricts the WordPress REST users endpoint to localhost and one allow-listed
    # address; every other client gets 403.
    # NOTE(review): this matches only the /wp-json/ pretty-permalink route. Confirm that
    # the ?rest_route=/wp/v2/users form of the same endpoint is restricted elsewhere
    # (for example in the wpsecure include, which is not shown here).
    location ~ ^/wp-json/wp/v2/users {
            allow 127.0.0.1;
            allow 45.32.200.143;
            deny all;
    }
    # Only localhost and one allow-listed address may request wp-cron.php; all other
    # clients get 403.
    # NOTE(review): unlike the wp-login.php location in this vhost, this block includes
    # no PHP handler of its own, so an allowed request may be served as a static file
    # rather than executed. Verify against php-rediscache.conf, which is not shown here.
    location ~ ^/(wp-cron\.php) {
            allow 127.0.0.1;
            allow 45.32.200.143;
            deny all;
    }
      include /usr/local/nginx/conf/wpincludes/zonamotriz.com/wpsecure_zonamotriz.com.conf;
      #include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-zonamotriz.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    And this the top of my /usr/local/nginx/conf/staticfiles.conf

    Code:
    [00:15][[email protected] log]# cat /usr/local/nginx/conf/staticfiles.conf
        # prepare for letsencrypt
        # https://community.centminmod.com/posts/17774/
        location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }
    
        # Static image handler: long-lived caching plus a Referer-based hotlink check.
        # The Referer header is supplied by the client, so this check limits casual
        # embedding and bandwidth use; it is not an access control.
        location ~* \.(gif|jpg|jpeg|png|ico)$ {
          gzip_static off;
          #add_header Pragma public;
          #add_header X-Frame-Options SAMEORIGIN;
          #add_header X-Xss-Protection "1; mode=block" always;
          #add_header X-Content-Type-Options "nosniff" always;
          # NOTE(review): the wildcard CORS header lets any origin read these images
          # cross-origin, independently of the Referer check below.
          add_header Access-Control-Allow-Origin *;
          add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
          # "none" accepts requests with no Referer header and "blocked" accepts a Referer
          # stripped by a proxy or firewall, so a plain curl without --referer always passes.
          # NOTE(review): the ~ entries are unanchored regexes matched against the Referer
          # text after the scheme, and "." matches any character. They therefore accept any
          # Referer that merely contains e.g. "google" between two characters, not only the
          # search engines' own hosts.
          valid_referers none blocked ~.google. ~.bing. ~.yahoo. zonamotriz.com *.zonamotriz.com;
          if ($invalid_referer) {
            return   403;
          }
          # NOTE(review): access_log off also suppresses logging of the 403s returned above,
          # so rejected hotlink requests will not show up in the access log.
          access_log off;
          expires 30d;
          break;
        }
    
    I was able to embed an image using a different wordpress domain pointing to:
    https://zonamotriz.com/wp-content/uploads/2019/05/church-3481187_1920-1.jpg

    Also, I checked with curl:
    curl --referer Sillas de oficina, Sillas ergonomicas y Mobiliario | Himax Internacional https://zonamotriz.com/wp-content/uploads/2019/05/church-3481187_1920-1.jpg

    I'm not able to make it work: I never get the expected 403 response.
    Thank you for your help.
    Best Regards
     
  2. eva2000

    nginx docs Module ngx_http_referer_module

    have you checked the nginx logs to see if nginx is seeing the correct referrer ?

    you can also set up a separate custom access log for your domain with the $invalid_referer variable logged, so you can inspect that log to see whether the referrer is invalid in nginx's eyes
     
  3. Fernando

    Hi Eva,

    Thank you for your help!

    Please see below:

    "have you checked the nginx logs to see if nginx is seeing the correct referrer ?" Yes it comes with the supposed referrer that needs to be blocked.

    Now, I found something interesting:

    This works:
    Code:
    server {
      listen 443 ssl http2 reuseport;
      server_name zonamotriz.com *.zonamotriz.com;
    
      # Server-level referer check: it is evaluated for every request to this vhost, not
      # only images. Visitors who follow a link from another site (search results, social
      # media) send that site as the Referer and would also get 403, so scoping the check
      # to the image locations is the safer placement.
      valid_referers none blocked server_names;
          if ($invalid_referer) {
            return 403;
          }
    This doesn't

    Code:
    server {
      listen 443 ssl http2 reuseport;
      server_name zonamotriz.com *.zonamotriz.com;
    
      # Referer check scoped to files under /wp-content/uploads/.
      # NOTE(review): nginx selects the longest matching prefix location. The full vhost
      # posted earlier in the thread also defines longer prefixes such as
      # /wp-content/uploads/2019, so an image under /2019/ is handled by that block and
      # this one is never reached. That matches the 8-day Expires and
      # "public, no-transform" headers in the curl output.
      location /wp-content/uploads/ {
        # NOTE(review): "xls?x" matches .xlx/.xlsx but not .xls, and "doc?x" matches
        # .dox/.docx but not .doc; "xlsx?|docx?" was presumably intended.
        location ~* \.(jpe?g|png|gif|pdf|xls?x|doc?x|zip|jpg|jpeg|ico)$ {
          # "none" lets requests without any Referer header through, so this blocks
          # embedding from other sites but not direct downloads.
          valid_referers none blocked server_names;
          if ($invalid_referer) {
            return 403;
          }
        }
    }
    So for some reason valid_referers doesn't work within a location block.
    Now if I read this article properly: https://www.digitalocean.com/commun...selection-algorithms#matching-location-blocks

    Nginx will take the first match and will stop any other location evaluation if there was a match already?

    If that's the case I'm not sure why location /wp-content/uploads/ doesn't work?

    Also, I'm not sure if it's a good idea to use valid_referers within the server block instead of the location block.

    Any suggestion why you believe valid_referers doesn't work within the code above?
    Thank you!
    Best Regards
     
  4. eva2000

    Order of location matching matters. You can read https://community.centminmod.com/threads/understanding-nginx-vhost-location-server-contexts.13745/ in Centmin Mod Insights forum which links to
    From beginner's guide at Beginner’s Guide
     
  5. Fernando

    Hi Eva,

    Yes :) to me, it's really strange why it's not working when putting

    Code:
    location /wp-content/uploads/ {
        location ~* \.(jpe?g|png|gif|pdf|xls?x|doc?x|zip|jpg|jpeg|ico)$ {
          valid_referers none blocked server_names;
          if ($invalid_referer) {
            return 403;
          }
        }
    }
    at the very top of the file, where there are no other includes :(

    And also, tested the same valid_referers in the /usr/local/nginx/conf/staticfiles.conf

    I'm out of ideas
    Thank you!
     
  6. eva2000

    what did you set in /usr/local/nginx/conf/staticfiles.conf ? to troubleshoot which location nginx matches, you can add a unique header to each location identifying it when you inspect your image url's headers i.e.

    for /wp-content/uploads
    Code (Text):
    add_header X-Hotlink "uploads";
    

    for staticfiles.conf include version
    Code (Text):
    add_header X-Hotlink "staticfiles";
    

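    then when you do a curl -I header inspection of the image url, you can see which header shows up as a match. Note that add_header without the always parameter is only applied to successful and redirect responses, so the marker header will not appear on a 403.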
    Code (Text):
    curl -I https://domain.com/image.png
     
  7. Fernando

    Hi Eva,

    Please see below:

    Test 1: No valid_referers set in /usr/local/nginx/conf/conf.d/zonamotriz.com.ssl.conf only in /usr/local/nginx/conf/staticfiles.conf

    Code:
    [23:31][[email protected] log]# head -22 /usr/local/nginx/conf/staticfiles.conf
        # prepare for letsencrypt
        # https://community.centminmod.com/posts/17774/
        location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }
    
        location ~* \.(gif|jpg|jpeg|png|ico)$ {
          gzip_static off;
          #add_header Pragma public;
          #add_header X-Frame-Options SAMEORIGIN;
          #add_header X-Xss-Protection "1; mode=block" always;
          #add_header X-Content-Type-Options "nosniff" always;
          add_header Access-Control-Allow-Origin *;
          add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
          add_header X-Hotlink "staticfiles";
          access_log on;
          valid_referers none blocked server_names;
          if ($invalid_referer) {
            return 403;
          }
          expires 30d;
          break;
        }
    
    [23:31][[email protected] log]# curl -I https://zonamotriz.com/wp-content/uploads/2019/05/church-3481187_1920-1.jpg
    HTTP/1.1 200 OK
    Date: Thu, 16 May 2019 23:33:26 GMT
    Content-Type: image/jpeg
    Content-Length: 423910
    Last-Modified: Thu, 02 May 2019 14:19:28 GMT
    Connection: keep-alive
    ETag: "5ccafc70-677e6"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Expires: Fri, 24 May 2019 23:33:26 GMT
    Cache-Control: max-age=691200
    Vary: Accept-Encoding
    Cache-Control: public, no-transform
    Accept-Ranges: bytes
    
    Test 2: Remove valid_referers from /usr/local/nginx/conf/staticfiles.conf And add valid_referers to /usr/local/nginx/conf/conf.d/zonamotriz.com.ssl.conf

    Code:
    [23:35][[email protected] log]# head -n 30 /usr/local/nginx/conf/conf.d/zonamotriz.com.ssl.conf
    
    #x# HTTPS-DEFAULT
    map $http_host $blogid {
        default       -999;
                    include /home/nginx/domains/zonamotriz.com/public/wp-content/uploads/nginx-helper/map.conf;
    }
    
     server {
    
       server_name zonamotriz.com *.zonamotriz.com;
       return 302 https://$host$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name zonamotriz.com *.zonamotriz.com;
    
      location /wp-content/uploads/ {
        location ~* \.(jpe?g|png|gif|pdf|xls?x|doc?x|zip|jpg|jpeg|ico)$ {
          add_header X-Hotlink "uploads";
          valid_referers none blocked server_names;
          if ($invalid_referer) {
            return 403;
          }
        }
    }
      include /usr/local/nginx/conf/ssl/zonamotriz.com/zonamotriz.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
     
    [23:35][[email protected] log]# curl -I https://zonamotriz.com/wp-content/uploads/2019/05/church-3481187_1920-1.jpg
    HTTP/1.1 200 OK
    Date: Thu, 16 May 2019 23:36:25 GMT
    Content-Type: image/jpeg
    Content-Length: 423910
    Last-Modified: Thu, 02 May 2019 14:19:28 GMT
    Connection: keep-alive
    ETag: "5ccafc70-677e6"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Expires: Fri, 24 May 2019 23:36:25 GMT
    Cache-Control: max-age=691200
    Vary: Accept-Encoding
    Cache-Control: public, no-transform
    Accept-Ranges: bytes
    [CODE]
     
  8. eva2000

    In both cases none of the locations are being matched, so either you have another location context matching on image file extensions elsewhere, or you have some CDN, proxy service or WordPress plugin rewriting/manipulating the images. I see the responses have an Expires header of May 24th with Cache-Control max-age=691200 seconds (8 days), which no Centmin Mod default config will have: by default images are set to expire/cache-control of 30 days, with Cache-Control set to public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800 instead of your public, no-transform settings.
     
  9. Fernando

    Hi Eva,

    Thank you! I'm not using any CDN, but based on those headers I found it :)

    Now let me ask you if you have a better idea how to make it work for all images
    I'm using your optimise-images.sh and conditionally providing webp when supported so if you look at the end of the server block I have:

    Code:
    location /wp-content/uploads/2019 {
      #pagespeed off;
      autoindex off;
      #add_header X-Robots-Tag "noindex, nofollow";
      location ~* ^/wp-content/uploads/2019/.+\.(png|jpe?g)$ {
      expires 8d;
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, no-transform";
      try_files $uri$webp_extension $uri =404;
    
      }
    }
    So I modified with:
    Code:
    location /wp-content/uploads/2019 {
      #pagespeed off;
      autoindex off;
      #add_header X-Robots-Tag "noindex, nofollow";
      location ~* ^/wp-content/uploads/2019/.+\.(png|jpe?g)$ {
      expires 8d;
      valid_referers none blocked server_names;
          if ($invalid_referer) {
            return 403;
          }
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, no-transform";
      try_files $uri$webp_extension $uri =404;
    
      }
    }
    And now it works perfectly, but I'm wondering if I will have to add the same to each /wp-content/uploads locations? Or if there's another way?

    If there's no other way that's fine I will add the code to each /wp-content/uploads locations
    :)

    Thank you once again!
     
  10. eva2000

    use single version outlined at https://community.centminmod.com/th...-wordpress-plugin-on-centmin-mod-nginx.17469/
    Code (Text):
    # webp extension support if you are converting /uploads images to webp
    location ~ ^/wp-content/uploads/ {
      #pagespeed off;
      #pagespeed unplugged;
      #autoindex on;
      #add_header X-Robots-Tag "noindex, nofollow";
      location ~* ^/wp-content/uploads/(.+/)?(.+)\.(png|jpe?g)$ {
       expires 30d;
       add_header Vary "Accept-Encoding";
       add_header Cache-Control "public, no-transform";
       try_files $uri$webp_extension $uri =404;
      }
    }
    

    so with nginx valid_referers directive
    Code (Text):
    # webp extension support if you are converting /uploads images to webp
    # Single regex location for everything under /wp-content/uploads/, replacing the
    # per-year prefix locations, with the Referer-based hotlink check added.
    location ~ ^/wp-content/uploads/ {
      #pagespeed off;
      #pagespeed unplugged;
      #autoindex on;
      #add_header X-Robots-Tag "noindex, nofollow";
      # NOTE(review): only .png/.jpg/.jpeg are matched here. Other image types under
      # /uploads (gif, ico) are not covered by this nested block and need their own
      # referer check if they should be protected too.
      location ~* ^/wp-content/uploads/(.+/)?(.+)\.(png|jpe?g)$ {
       expires 30d;
      # "none" accepts requests with no Referer header, "blocked" accepts a Referer
      # stripped by a proxy or firewall, and server_names accepts this vhost's own names.
      # The header is client-supplied, so this limits embedding on other sites; it is not
      # an access control. A curl test must send --referer with a foreign site to see
      # the 403.
      valid_referers none blocked server_names;
         if ($invalid_referer) {
           return 403;
         }
       # NOTE(review): declaring add_header at this level stops inheritance of any
       # server-level add_header lines (e.g. X-Content-Type-Options "nosniff"); repeat
       # them here if they should also apply to these images.
       add_header Vary "Accept-Encoding";
       add_header Cache-Control "public, no-transform";
       # $webp_extension is defined outside this snippet; when it is empty the original
       # file is served.
       try_files $uri$webp_extension $uri =404;
      }
    }
    
     
  11. Fernando

    Hi Eva,

    Thank you once again, now it works perfectly!
    Best Regards
     