Nginx

Block Hotlinking Ngnix

Hotlinking is the process through which other websites use your pictures, videos, and other content on their pages. As a result, whenever someone accesses these pages, your website’s bandwidth is used. When petty webmasters can’t afford the cost of bandwidth, they resort to stealing it from other sources, which is known as hotlinking, which is a malicious practice. As a result, genuine webmasters are unable to use the bandwidth they have paid for. Additionally, if the bandwidth designated for the source webmaster runs out and the site owner does not pay for the overly used bandwidth, the linked resource may become unavailable for users who access the original website. Overall, website availability hotlinking should be prevented to protect its integrity. This guide shows you how to accomplish so quickly and easily.

Hotlinking Ngnix Common Errors

  • The hotlink prevention can frequently fail due to improper Plesk settings. For instance, a client implemented Nginx rules to forbid connecting to their image data. However, other websites continued to provide access to the photographs.
  • The option to Nginx directly serves static files was removed according to a thorough inspection by our support engineers. Because of this, Nginx was unable to handle the request for raw images. So, we enabled the option to repair the issue and hotlink protection was successful.
  • Similarly, issues with hotlinking prevention can arise from syntax flaws in the Nginx rules. For example, we put *.domain name in the valid referrer argument to disallow all subdomains from hotlinking protection. Like this, putting the regulations in the wrong place renders them useless. As a result, our support engineers always verify and put the Nginx restrictions in the proper place.

How to Block Hotlinking in Ngnix in Ubuntu 20.04

Here are the procedures to take to prevent NGINX from hotlinking images. Access a terminal and type the following command to retrieve the NGINX server configuration file:

To prevent NGINX from using image hotlinks from any domain other than yours, add the location block listed below inside the server block (e.g. website.com)

Let’s examine the code in the example above line by line. It will match a variety of picture file extensions in the first line. Add a new pipe “|” in addition to the new extension if you wish to add any further extensions. The list of websites permitted to connect to the photos on your website is provided in the following line by a valid referrer and mentions your website there. Any additional domains to which you want to grant access can also be added. IP addresses may also be added here. If the request originates from a domain or IP address that is not listed in valid referrers, NGINX will add it to invalid referrers and respond with “403: Access Denied”.

Add the following lines to your NGINX configuration file if you want to disable hotlinking for files in a certain directory, such as /uploads/.

To check the syntax of your modified config file, execute the following command:

Start the NGINX server by entering the following command if there are no issues:

How to Enable Anti-hotlinking in Ngnix in Ubuntu 20.04

We have two anti-hotlinking here such as whitelist and blacklist.

Anti-hotlink Whitelist
All other domain names are not permitted; only those on the whitelist are permitted access.

The purpose of the setup above is to first use a destination to match the needed format (photos and videos) and then utilize the valid referrers command to establish acceptable domain names. The valid referrer list does not contain any more domain names. In the end, 403 is returned when the $invalid_referer variable has returned its value of 1. The anti-hotlink whitelist is configured as shown above.

Anti-hotlink Blacklist
According to the whitelist, only requests for domain addresses on the blacklist are prohibited; all other requests will be granted. The limitations on the blacklist are lower than those on the whitelist. The anti-hotlink whitelist option is the only thing covered in most internet tutorials. Once the fundamentals are understood, the blacklist’s setting procedure is comparable.

The valid_referers_command is used in the configuration above to add the domain *.website_name.com to the blacklist. The $invalid_referer_return value is set to 0, the provided Referrer header is obtained and then a 403 error is returned, preventing access to the specified website domain name.

Why Hotlinking Should be Avoided?

Hotlinking has a particularly detrimental effect on website owners. Hotlinking may appear to users to be a simple way to obtain website assets, but it also has the potential to be harmful. Here are some reasons why hotlinking is a bad idea in the first place:

  • It is unethical to reuse resources without authorization. Without permission, it is theft to reuse content assets. You must obtain the rights and permission before using the content on your site unless it is covered by the creative commons license.
  • By using their resources without paying for them, you would be driving up their hosting costs. The bandwidth of the origin server is consumed each time a hot-linked image is viewed.
  • Legal ramifications may result from hotlinking. Hotlinking to copyrighted content can have negative financial and legal repercussions. When a copyright infringement notification is sent to the offender and no response is received, the original owner has the right to sue.
  • Over the hotlinked file, you have no control. The original webpage can be reached by clicking on a hot-linked image. Any adjustments made by the original owner to the content may be viewed on the offender’s website as well.
  • You come out as unoriginal and unprofessional when you hotlink. Adopting this approach can reflect adversely on you because hotlinking has a bad reputation. People might think you’re unoriginal and disrespectful of the rights of other users.

Conclusion

Play courteously and connect to websites instead of directly displaying photos if you’re a content organizer and frequent sharer. Hotlinking is one region that is not too tough to prevent if you are a content provider. Make careful rules to protect yourself from theft. Using any of the techniques, you will save time, money, and bandwidth. Also, increase site performance, cut costs, and save time by Cloudflare Enterprise integration, data centers worldwide, reaching a global audience, and our integrated Application Performance Monitoring allows for optimization.

About the author

Omar Farooq

Hello Readers, I am Omar and I have been writing technical articles from last decade. You can check out my writing pieces.