If you are hosting a website, you are almost certainly aware of hotlinking, or bandwidth theft. If not, then read on. Hotlinking is essentially the practice of linking directly to an image or download hosted on a different website. This practice is typically frowned upon amongst the community of website owners and operators; however, some unscrupulous characters will always exist. Below we outline the steps needed on the Nginx web server to prevent hotlinking. First, navigate to your Nginx configuration, typically located at /etc/nginx/conf.d. Once there, open the configuration of the website on which you would like to disable hotlinking. Next, add the directive below.
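    location ~ \.(jpe?g|png|gif|pdf|xlsx?|docx?|zip)$ {
        # xlsx? and docx? match both the older (.xls, .doc) and newer (.xlsx, .docx) extensions.
        # Accept the site's own pages as referrers; "blocked" also accepts a
        # Referer whose value was stripped by a proxy or firewall.
        valid_referers blocked oitibs.com *.oitibs.com;

        # Every other referrer gets 403 Forbidden.
        if ($invalid_referer) {
            return 403;
        }
    }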
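In the example above, any request for a file with one of the listed extensions returns a 403 Forbidden when the referrer is not your site. Because the valid_referers list does not include none, requests that carry no Referer header at all also receive the 403. Note that you will need to replace oitibs.com with your own domain. If you are running WordPress, you may prefer to disable hotlinking on the entire uploads folder, which can be done with the directive below.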
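    location /wp-content/uploads/ {
        # ~* makes the extension match case-insensitive (.JPG as well as .jpg).
        location ~* \.(jpe?g|png|gif|pdf|xlsx?|docx?|zip)$ {
            valid_referers blocked oitibs.com *.oitibs.com;

            # Requests from any other referrer get 403 Forbidden.
            if ($invalid_referer) {
                return 403;
            }
        }
    }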
Once you have made the necessary configuration changes above, simply restart Nginx and hotlink protection is enabled.
I saw some websites give an alternative file when the link is requested. What’s the way to do it? It can also be fine if someone steals a picture, but I would like to write “taken from http://www.miosito.com, come to my website if you want this picture” on the picture and give it to whoever requested it.
How to protect 3gp or mp4 files?
Replace line 1 in the code block with:

    location ~ \.(jpe?g|png|gif|pdf|xlsx?|docx?|zip|3gp|mp4)$ {
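
The comments ask how to hand back an alternative file instead of an error. One way to do that, as an added example that is not part of the original post or its comments; it goes beyond the post by adding `none`, so requests with no Referer header are still served (leave it out to keep the post's stricter behaviour). Assumption: /hotlink-denied.png is a hypothetical placeholder image you create under the site root.

```nginx
# Added example, not from the original post.
# Assumption: /hotlink-denied.png is a placeholder image that exists under the site root.
location ~* \.(jpe?g|png|gif)$ {
    # none    : no Referer header at all (typed URL, bookmark, privacy tools)
    # blocked : Referer present but its value was stripped by a proxy or firewall
    valid_referers none blocked oitibs.com *.oitibs.com;

    # Internal rewrite: the requested URL stays the same, the body is the placeholder.
    if ($invalid_referer) {
        rewrite ^ /hotlink-denied.png last;
    }
}

# An exact-match location is chosen before any regex location, so the rewritten
# request lands here instead of passing through the referer check again.
location = /hotlink-denied.png {
    # The placeholder is returned under the original image's URL; keep caches
    # from storing it in place of the real file.
    add_header Cache-Control "no-store";
}
```

Validate the edited configuration with `nginx -t` before restarting.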