No way. In any case, if you have a strong desire, all your defenses will be revealed.
The maximum that can be done is to complicate the reverse engineering of the operation protocol of your image service.
1. If you want to protect yourself from left-handed downloads, at least first you need to set a ceiling for downloading images from an ip address. But given the free proxies, this will not be a problem for pests.
2. The next step, which will help to weed out spammers well, is to block all countries where there are no users. For example, if you have users from Russia - put cloudflare and check in the firewall, or on the backend from the country header.
3. OK. We go further. Did I say something about reverse engineering? Oh yes.
Do you want no one to be able to load pictures right off the bat? Please - make a communication protocol between the boot server and the client. What exactly is the protocol? At least the transfer of any key during boot. What's the key? Yes, any, the main thing is that it be unique for each download. Here you can cheat with key generation, obfuscate the code, apply encryption, HMAC, and so on, which will make it very difficult to unravel the key generation.
4. Well, the last way is captcha. Where without her. With frequent downloads from ip - we throw him a captcha. Let it pass. If you want, you can put a captcha on each download. It will hurt the users, so what to do.
Finally. It is impossible to completely protect against spam downloads.
IP blocking? Proxy.
Country blocking? Proxies from target countries.
Complicated key generation? Reverse engineering.
Captcha? Antigate.
All in all - it will spoil the fans to spoil the server as much as possible. The point here is not to completely protect the application, but to make it as inconvenient as possible for pests to spam on the server.

https://www.nginx.com/resources/wiki/start/topics/...