How to redirect user if direct access image files by browser? [nginx]

Time:01-27

How do I redirect only when a user tries to directly access image files in the browser? I still want to allow social media sites to embed our images by hotlinking. I only want to redirect when a user directly accesses an image in the browser.

This is my nginx conf

proxy_cache_path /var/www/img.example.com/htdocs/cache-store levels=1:2 keys_zone=pixstore:10m max_size=5g inactive=7d use_temp_path=off;
server {

    server_name img.example.com www.img.example.com;

    access_log /var/log/nginx/img.example.com.access.log;
    error_log /var/log/nginx/img.example.com.error.log;

    add_header X-Proxy-Cache $upstream_cache_status;
    location / {
        proxy_cache pixstore;
        proxy_cache_revalidate on;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_lock on;
        add_header X-Cache-Status $upstream_cache_status;
        proxy_pass http://xxx.xxx.xxx.xxx:8090;
        proxy_redirect off;
        include proxy_params;
        proxy_cache_valid 200 7d;
        proxy_cache_valid 404 5m;
    }

    location ~ "^/c/600x1200_90_webp/img-master/img/\d+/\d+/\d+/\d+/\d+/\d+/((?<filenum>\d+)[^/]+\.(jpg|png|webp))$" {
        valid_referers server_names;
        proxy_pass http://xxx.xxx.xxx.xxx:8090;
        if ($invalid_referer = "0") {
            return 301 http://view.example.com/artwork/$filenum;
        }
    }

}

The redirect isn't working. How can I fix this?

CodePudding user response:

I would consider the Referer header. Here is the nginx module, here is an article with some explanation, and a gist with a piece of code. So basically, you need to have the module, and then you can use something like this:

# apply this rule to any location that is an image, matched by regexp
location ~* \.(png|gif|jpg|jpeg|swf|ico)(\?[0-9]+)?$ {
    # allow empty, blocked, or whitelisted referers; anything else gets 403
    valid_referers none blocked ~\.example.com ~\.google\. ~\.yahoo\. ~\.bing\. ~\.facebook\. ~\.fbcdn\.;
    if ($invalid_referer) {
        return 403;
    }
}

Where example.com is your domain. Let me know how it goes - I'll update the answer if needed.
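
The Referer-based idea from this answer, adapted to the asker's redirect goal, as an added example (not code from the question or the answers). It assumes "direct access" means a request with no Referer header, uses 127.0.0.1:8090 as a stand-in for the masked upstream, and introduces the variable name `$direct_hit`.

```nginx
# Added example. Goes in the http context (e.g. a file under conf.d/).
# Assumption: a visit typed or pasted into the address bar carries no Referer,
# while an <img> embedded on another site normally carries that site's Referer.

# $direct_hit (hypothetical name) is 1 only when Referer is missing or empty.
map $http_referer $direct_hit {
    default 0;
    ""      1;
}

server {
    listen 80;
    server_name img.example.com www.img.example.com;

    # {6} needs the regex to be quoted, otherwise nginx parses the braces.
    location ~ "^/c/600x1200_90_webp/img-master/img/(?:\d+/){6}(?<filenum>\d+)[^/]+\.(jpg|png|webp)$" {
        # `if ($var)` is false for "" and "0", true for anything else.
        # The referer module's $invalid_referer is "" when the Referer is
        # valid and "1" otherwise, so a comparison with "0" never matches.
        if ($direct_hit) {
            # 302 rather than 301: a browser may cache a 301 for this URL and
            # then follow it for later embedded loads of the same image.
            return 302 http://view.example.com/artwork/$filenum;
        }

        # Requests that carry a Referer (embeds, hotlinks) get the image.
        proxy_pass http://127.0.0.1:8090;   # stand-in for the real upstream
    }
}
```

Referer is supplied by the client, so this steers ordinary visitors and is not an access control. Embeds from pages that send no Referer (for example under `Referrer-Policy: no-referrer`) will be redirected too.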

CodePudding user response:

I think you would be a lot better off doing it with something like Node.js and testing the User-Agent string against a regular expression, and if it contains something that browsers have, like the text "Chrome", "Firefox", etc., then redirect.

CodePudding user response:

How about whitelisting social media's agent IP instead?

For example, this is how you find all IP addresses used by Facebook's agent:

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route 

then add this to your nginx conf

location ~ /(?<filenum>\d+)[^/]*\.(jpg|png|webp)$ {
    allow 69.63.176.0/20;
    allow 66.220.144.0/20;
    ...
    deny all;
    error_page 403 http://view.example.com/artwork/$filenum;
}

And perhaps you may want to check your regex using this site.