How to redirect if user direct access images with nginx?

Ruriko · January 2022

How do I redirect if a user tries to direct access image files in browser only? I want to keep the ability to embed images with <img src="...">. How to redirect from

https://img.example.com/c/600x1200_90_webp/img-master/img/2022/01/03/08/04/54/95259215_p0_master1200.jpg

to

https://example.com/detail?id=95259215

This is my nginx conf

location ~ "^/c/600x1200_90_webp/img-master/img/*/*/*/*/*/(?<filename>.+\.(jpg|png))$" {
    return 301 https://example.com/detail?id=$filename;
}

Can anyone help fix the code?

Andreix · January 2022

Since the request is the same for both scenarios, I think your best option would be to proxy the images though some sort of script and setup some limits there.
And in nginx only allow from 127.0.0.1.

Mr_Tom · January 2022

You can try and check if a referrer is set. If an image is loaded inline the referrer should be the same domain.

Ruriko · January 2022

Can someone help me fix the redirect code cause it's not working. Here's my full nginx config

 proxy_cache_path /var/www/img.example.com/htdocs/cache-store levels=1:2 keys_zone=pixstore:10m max_size=5g inactive=7d use_temp_path=off;
    server {

        server_name img.example.com www.img.example.com;

        access_log /var/log/nginx/img.example.com.access.log ;
        error_log /var/log/nginx/img.example.com.error.log;

        add_header X-Proxy-Cache $upstream_cache_status;
        location / {
            proxy_cache pixstore;
            proxy_cache_revalidate on;
            proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
            proxy_cache_lock on;
            add_header X-Cache-Status $upstream_cache_status;
            proxy_pass http://xxx.xxx.xxx.xxx:8090;
            proxy_redirect off;
            include proxy_params;
            proxy_cache_valid 200 7d;
            proxy_cache_valid 404 5m;
        }

        location ~ "^/c/600x1200_90_webp/img-master/img/\d+/\d+/\d+/\d+/\d+/\d+/((?<filenum>\d+)[^/]+\.(jpg|png|webp))$" {
        valid_referers server_names;
        proxy_pass http://xxx.xxx.xxx.xxx:8090;
        if ($invalid_referer = "0") {
        return 301 http://view.example.com/artwork/$filenum; }
        }

    }

jmgcaguicla · January 2022

@Ruriko said:
Can someone help me fix the redirect code cause it's not working. Here's my full nginx config

        location ~ "^/c/600x1200_90_webp/img-master/img/\d+/\d+/\d+/\d+/\d+/\d+/((?<filenum>\d+)[^/]+\.(jpg|png|webp))$" {
        valid_referers server_names;
        proxy_pass http://xxx.xxx.xxx.xxx:8090;
        if ($invalid_referer = "0") {
        return 301 http://view.example.com/artwork/$filenum; }
        }

You have it backwards, from nginx docs:

Specifies the “Referer” request header field values that will cause the embedded $invalid_referer variable to be set to an empty string. Otherwise, the variable will be set to “1”. Search for a match is case-insensitive.

$invalid_referer is an empty string if it is a valid referer (in your case if it is a valid server_name), you should be checking for 1 instead.

Neoon · January 2022

You can in theory require a header, but its useless.
Everyone can set and modify the own headers.

Basically you are wasting your own time right now.

jmgcaguicla · January 2022

Also, disabling image hotlinking is so 2005.

I would assume the primary reason to do so before was bandwidth but that shouldn't be a problem now.

Howdy, Stranger!

Categories

In this Discussion

How to redirect if user direct access images with nginx?

Comments

Howdy, Stranger!

Quick Links

Categories

In this Discussion

How to redirect if user direct access images with nginx?

Comments