-
Notifications
You must be signed in to change notification settings - Fork 247
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable image hotlinking #34
Comments
Hello Richard, Nice idea. But I think that returning a [in-memory 1x1 transparent GIF](rfimusique.com rfimusique.local) is "nicer". It weights 43 bytes and there's no potential for mucking up the CSS on a page that tries to include the images.
I'll update the config soon with this option. Also offering the Thanks. |
Of course that's also a great idea. Please bare in mind that your current code will break Imagecache (took me a lot of time to find a solution that works). Include the redirect as well, it's kind of a tradition to display a funny picture if somebody hotlinks your images (most of the time your images get hotlinked in forums, and with a funny picture you can at least make some advertisement for your website and if people aren't interested they have something to laugh about). Regards |
This needs to be better thinked out. I haven't noticed your Needs further work. It's just that using António |
I know that, but I couldn’t find a way to achieve Imagecache support without using a third party module (like Richard PS: That’s also the reason why I suggested it as optional. |
Perhaps we can do away with the |
I had such a configuration, but the problem was that I couldn’t block hotlinking of Imagecache generated images. I have to check if the file exists in order to decide if I have to forward the request to Drupal (respectively Imagecache) or not. If we could find out how to include Imagecache as valid referer it would work with a map. But every configuration I tried blocked the AJAX requests and Imagecache directly stopped generating images. |
That shouldn't happen. The try files phase happens much later than the rewrite phase. Here's a config sketch done in the morning train. Caveat emptor. At the
At the image serving
The
Needs testing. YMMV. |
I will try it later today and give you feedback. |
I have added hotlinking protection. Now it returns a mere message that states: |
Just to add that the referer check happens at the rewrite phase. If the host is allowed then the |
Hi perusio!
Just implemented this in my own website and thought you might be interested to include this as an optional (or standard) part of your nginx configuration. It works with Imagecache and AJAX field UI of Drupal 7. I only tested it with a Drupal 7 installation, Drupal 6 might need some adoptions.
blacklist-hotlinking.conf
static-files.conf
Implementation example in
sites-available/drupal.conf
By default I allow no referers (valid users might not submit one), blocked (if users try to to stay anonymous) our server names, our domain including all subdomains and of course the big search engines including all subdomains and TLDs.
Hope you like it and keep up the great work!
Regards
Richard
The text was updated successfully, but these errors were encountered: