Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How to redirect if user direct access images with nginx?
New on LowEndTalk? Please Register and read our Community Rules.

How to redirect if user direct access images with nginx?

RurikoRuriko Member

How do I redirect if a user tries to direct access image files in browser only? I want to keep the ability to embed images with <img src="...">. How to redirect from

https://img.example.com/c/600x1200_90_webp/img-master/img/2022/01/03/08/04/54/95259215_p0_master1200.jpg

to

https://example.com/detail?id=95259215

This is my nginx conf

location ~ "^/c/600x1200_90_webp/img-master/img/*/*/*/*/*/(?<filename>.+\.(jpg|png))$" {
    return 301 https://example.com/detail?id=$filename;
}

Can anyone help fix the code?

Comments

  • AndreixAndreix Member, Host Rep
    edited January 15

    Since the request is the same for both scenarios, I think your best option would be to proxy the images though some sort of script and setup some limits there.
    And in nginx only allow from 127.0.0.1.

  • Mr_TomMr_Tom Member, Host Rep

    You can try and check if a referrer is set. If an image is loaded inline the referrer should be the same domain.

  • Can someone help me fix the redirect code cause it's not working. Here's my full nginx config

     proxy_cache_path /var/www/img.example.com/htdocs/cache-store levels=1:2 keys_zone=pixstore:10m max_size=5g inactive=7d use_temp_path=off;
        server {
    
            server_name img.example.com www.img.example.com;
    
            access_log /var/log/nginx/img.example.com.access.log ;
            error_log /var/log/nginx/img.example.com.error.log;
    
            add_header X-Proxy-Cache $upstream_cache_status;
            location / {
                proxy_cache pixstore;
                proxy_cache_revalidate on;
                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
                proxy_cache_lock on;
                add_header X-Cache-Status $upstream_cache_status;
                proxy_pass http://xxx.xxx.xxx.xxx:8090;
                proxy_redirect off;
                include proxy_params;
                proxy_cache_valid 200 7d;
                proxy_cache_valid 404 5m;
            }
    
            location ~ "^/c/600x1200_90_webp/img-master/img/\d+/\d+/\d+/\d+/\d+/\d+/((?<filenum>\d+)[^/]+\.(jpg|png|webp))$" {
            valid_referers server_names;
            proxy_pass http://xxx.xxx.xxx.xxx:8090;
            if ($invalid_referer = "0") {
            return 301 http://view.example.com/artwork/$filenum; }
            }
    
        }
    
  • jmgcaguiclajmgcaguicla Member
    edited January 22

    @Ruriko said:
    Can someone help me fix the redirect code cause it's not working. Here's my full nginx config

            location ~ "^/c/600x1200_90_webp/img-master/img/\d+/\d+/\d+/\d+/\d+/\d+/((?<filenum>\d+)[^/]+\.(jpg|png|webp))$" {
            valid_referers server_names;
            proxy_pass http://xxx.xxx.xxx.xxx:8090;
            if ($invalid_referer = "0") {
            return 301 http://view.example.com/artwork/$filenum; }
            }
        
    

    You have it backwards, from nginx docs:

    Specifies the “Referer” request header field values that will cause the embedded $invalid_referer variable to be set to an empty string. Otherwise, the variable will be set to “1”. Search for a match is case-insensitive.

    $invalid_referer is an empty string if it is a valid referer (in your case if it is a valid server_name), you should be checking for 1 instead.

    Thanked by 1Ruriko
  • NeoonNeoon Member, Community Contributor

    You can in theory require a header, but its useless.
    Everyone can set and modify the own headers.

    Basically you are wasting your own time right now.

  • Also, disabling image hotlinking is so 2005.

    I would assume the primary reason to do so before was bandwidth but that shouldn't be a problem now.

    Thanked by 1yoursunny
Sign In or Register to comment.