Nginx
freshcot, 2016-11-09 17:56:11

How to protect images by referrer?

There is this config for protection against hotlinking:

location ~* ^.*\.(jpeg|jpg|gif|png)$ {
    valid_referers none blocked example.com *.example.com ~(google.|yandex.);

    if ($invalid_referer) {
        return 403;
    }

    root /root/public_html;
    access_log off;
    expires 30d;
    error_page 404 = @apache;
}

We check:
wget --referer=http://ghfj.ru http://example.com/image.jpg
--2016-11-09 17:40:21--  http://example.com/image.jpg
Resolving example.com (example.com)... 10.10.10.1
Connecting to example.com (example.com)|10.10.10.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2016-11-09 17:40:21 ERROR 403: Forbidden.

It would seem that, hooray, everything works; however:
wget --referer=ghfj.ru http://example.com/image.jpg
--2016-11-09 17:40:28--  http://example.com/image.jpg
Resolving example.com (example.com)... 10.10.10.1
Connecting to example.com (example.com)|10.10.10.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 121414 (119K) [image/jpeg]
Saving to: `image.jpg'

100%[=====================================================================================================================================================================================================>] 121 414     --.-K/s   in 0,003s  

2016-11-09 17:40:28 (39,3 MB/s) - `image.jpg' saved [121414/121414]

That is, if you specify just a domain without http as the referrer, then the protection in nginx does not work. How can I solve this problem?
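
Why the second wget run gets 200, as an added example that is not part of the original post and not nginx code: a simplified Python model of how `valid_referers` classifies a Referer value. The function and variable names are assumptions, and only exact names, leading `*.` wildcards and `~` regexes are modelled.

```python
import re

def referer_is_valid(referer, rules):
    """Simplified model of nginx valid_referers; True means the request is allowed.

    referer: header value, or None when the header is absent.
    rules:   the valid_referers arguments as a list of strings.
    """
    if referer is None:
        return "none" in rules
    m = re.match(r"https?://", referer, re.IGNORECASE)
    if m is None:
        # No http:// or https:// prefix: nginx treats the value as "blocked"
        # (stripped by a proxy or firewall) and never compares host names.
        return "blocked" in rules
    rest = referer[m.end():]
    host = re.split(r"[/:]", rest, maxsplit=1)[0].lower()
    for rule in rules:
        if rule in ("none", "blocked"):
            continue
        if rule.startswith("~"):
            # Regex rules are matched against the text after the scheme.
            if re.search(rule[1:], rest, re.IGNORECASE):
                return True
        elif rule.startswith("*."):
            if host.endswith(rule[1:]):
                return True
        elif host == rule:
            return True
    return False

# The rule list from the question, and the same list with "blocked" dropped.
QUESTION_RULES = ["none", "blocked", "example.com", "*.example.com", "~(google.|yandex.)"]
WITHOUT_BLOCKED = [r for r in QUESTION_RULES if r != "blocked"]

# Constructed sample Referer values; the first two are the ones from the wget runs.
SAMPLES = ["http://ghfj.ru", "ghfj.ru", "http://example.com/gallery", None]

def report(rules):
    return {s: referer_is_valid(s, rules) for s in SAMPLES}

if __name__ == "__main__":
    for name, rules in (("as posted", QUESTION_RULES), ("without blocked", WITHOUT_BLOCKED)):
        print(name, report(rules))
```

With `blocked` removed from the list, the scheme-less value is rejected like any other foreign referrer.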


2 answer(s)
Ne-Lexa, 2016-11-09
@freshcot

The browser sends the referrer with http, and you should not worry about specially crafted requests; they will just as easily slip in a valid referrer.

SKRSKR, 2016-11-09
@SKRSKR

What is the purpose of this protection?
