How to set up Referer in Nginx to prevent image theft


If other websites hotlink the images on your server, it consumes the server's bandwidth and slows down access. In that case, you need to set up hotlink protection for image or video files.

Hotlink protection, in simple terms, means that a resource can still be accessed directly, but other sites cannot put a link to it on their own server for their visitors to load. This matters most for large files such as pictures or videos, which can easily make the server respond very slowly.

If the site is not an image hosting service, I would be really worried about other websites directly using the pictures on our site. That way, the traffic may be used up in an instant, and after all, CDN is bought with a lot of money. It is therefore better to set up hotlink protection, and Nginx can do this.

Generally speaking, when a browser that complies with the HTTP protocol navigates from website A to website B, it includes the URL of the current page in the Referer header to indicate where the click came from. This Nginx module relies on that header. So if hackers do not send this header, image theft still cannot be prevented this way.

The official Nginx documentation describes the directive as follows:

Syntax: valid_referers none | blocked | server_names | string ...;
Default: —
Context: server, location

Introduction to the nginx referer directive

The nginx module ngx_http_referer_module is usually used to block requests from illegal domain names. Keep in mind that the Referer header is very easy to spoof, so this module can only block most illegal requests, not all of them. Also remember that some legitimate requests carry no Referer header, so in some cases requests with an empty Referer should not be rejected.

Therefore, we can add the following code in the server or location block. I saved it as valid_referers.conf:

valid_referers none blocked server_names;

if ($invalid_referer) {
 return 403;
}

Then add include /etc/nginx/valid_referers.conf wherever it is needed. This assumes that valid_referers.conf has already been placed at /etc/nginx/valid_referers.conf on the machine in question.

Example:

 location /articles/img {
  include /etc/nginx/valid_referers.conf;
  root /data/blog/code;
 }
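
As an added example (not from the original article and not nginx's own code), this simplified Python model of the check shows which requests the rule valid_referers none blocked server_names; rejects, and what a stricter rule would cost. The host names and sample Referer values are constructed assumptions, and server names are matched exactly, without wildcards.

```python
from urllib.parse import urlsplit

# Assumed server_name values for the site (hypothetical, not from the article).
SERVER_NAMES = frozenset({"blog.example.com", "www.example.com"})


def invalid_referer(referer, allow_none=True, allow_blocked=True,
                    server_names=SERVER_NAMES):
    """Simplified model of $invalid_referer: True means the request gets 403.

    referer is the raw header value, or None when the header is absent.
    """
    if referer is None:
        return not allow_none          # "none": no Referer header at all
    value = referer.lower()
    if not value.startswith(("http://", "https://")):
        return not allow_blocked       # "blocked": value without a scheme
    try:
        host = urlsplit(value).hostname or ""   # the port is ignored
    except ValueError:                 # malformed authority part
        return True
    return host not in server_names    # "server_names": host must match


def statuses(referers, **policy):
    """Map each Referer value to the status the location would return."""
    return [403 if invalid_referer(r, **policy) else 200 for r in referers]


# Constructed sample requests for /articles/img/a.png (not real traffic).
SAMPLES = [
    None,                                 # no Referer sent by the client
    "https://blog.example.com/post/1",    # page on the site itself
    "http://WWW.example.com:8080/",       # other server name, odd case and port
    "https://other.example.net/gallery",  # third-party page embedding the image
    "-",                                  # value rewritten by a proxy
]

if __name__ == "__main__":
    # The article's rule: valid_referers none blocked server_names;
    print(statuses(SAMPLES))
    # Stricter variant: valid_referers server_names;
    print(statuses(SAMPLES, allow_none=False, allow_blocked=False))
```

Dropping none and blocked also rejects the legitimate requests that arrive without a usable Referer, which is the trade-off described above.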
