How to prevent hotlinking graphics from the domain?

Follow

Comments

4 comments

  • Avatar
    Thomas Kim

    Hi after changing the settings, other people cannot access the images files in my domain?

    But I have tried to https://domain.name/imgs/facebook.png, I can still view it even after hard reload and clear cache. I followed the steps in Linux, and I have check my domain is using Nginx. 

    Did I do anything wrong? 😔

    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Thomas Kim,

    Thank you for your question.

    I double checked provided steps on the test environment and found that images will not be available in case if nginx is enabled, but the Serve static files directly by nginx option is disabled.

    So it is highly recommended to double check that Serve static files directly by nginx option is enabled on Home > Domains > example.com > Apache & nginx Settings page.

    If the option is enabled and the issue still can be seen, the most probable cause of the issue is that the domain has mixed content.
    To check it, please follow steps from the next article: The site opens with warning: This content should also be served over HTTPS

    If no issues are found there as well, please submit a request to Plesk Technical Support: How to submit a request to Plesk support?

    0
    Comment actions Permalink
  • Avatar
    Patrick Furgerson

    Is it possible to whitelist another domain that I own?

    e.g. I want to block hotlinking for everyone else but do want another one of my domains to still be able to serve images from my primary website.

    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Patrick Furgerson,

    Thank you for your question.

    Yes, it can be done using the following rewrite rules for Additional directives for HTTP/Additional directives for HTTPS fields:

    RewriteEngine on
    RewriteCond % !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/)?.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?any_domain_name\.com(/)?.*$ [NC,OR]
    RewriteRule \.(gif|jpg|jpeg|png|swf)$ - [NC,F]

     

    If nginx support is enabled on the server, the following directives can be used in Additional nginx directives field:

    location ~ \.(jpe?g|png|gif)$ {
    valid_referers none blocked mysite.com *.mysite.com example.com;
    if ($invalid_referer) {
    return 403;
    }
    }
    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request