Hi,
I've been trying to prevent hotlinking and locking down some php files to my server only via my .conf files but its having no effect at all. First I tried adding the below location instructions into all the server blocks I could find (in places like default.conf, the.conf etc) but nothing, next I tried adding a server block to my nginx.conf and putting them in there, nothing. I've been reloading nginx.conf at every step with no errors and I've relaunched nginx as well just to make sure, but none of the below scripts are doing anything for me, not even simple hotlink projection. I'm running 1.2.2 on CentosOS 6.3 if it makes any difference, with Php-fpm 5.4
Here are the things i'm trying to get working… (and yes myurl.com is of course changed for our actual URL) - what am I doing wrong? Why can I still link any of the file types or specifically mentioned files below without any problem on my other domains?
location /wp-content/plugins/amazon-s3-cloud-mp3-player/html5/html5big.php {
valid_referers none blocked myurl.com.fqdn;
if ($invalid_referer) {
return 403;
}
}
location /wp-content/plugins/amazon-s3-cloud-mp3-player/html5/ {
valid_referers none blocked myurl.com *.myurl.com;
if ($invalid_referer) {
return 403;
}
}
## Stop Image and Document Hijacking
location ~* (\.php|\.mp3|\.css|\.png|\.jpg)$ {
if ($http_referer !~ ^(myurl.com) ) {
return 405;
}
}
I've been trying to prevent hotlinking and locking down some php files to my server only via my .conf files but its having no effect at all. First I tried adding the below location instructions into all the server blocks I could find (in places like default.conf, the.conf etc) but nothing, next I tried adding a server block to my nginx.conf and putting them in there, nothing. I've been reloading nginx.conf at every step with no errors and I've relaunched nginx as well just to make sure, but none of the below scripts are doing anything for me, not even simple hotlink projection. I'm running 1.2.2 on CentosOS 6.3 if it makes any difference, with Php-fpm 5.4
Here are the things i'm trying to get working… (and yes myurl.com is of course changed for our actual URL) - what am I doing wrong? Why can I still link any of the file types or specifically mentioned files below without any problem on my other domains?
location /wp-content/plugins/amazon-s3-cloud-mp3-player/html5/html5big.php {
valid_referers none blocked myurl.com.fqdn;
if ($invalid_referer) {
return 403;
}
}
location /wp-content/plugins/amazon-s3-cloud-mp3-player/html5/ {
valid_referers none blocked myurl.com *.myurl.com;
if ($invalid_referer) {
return 403;
}
}
## Stop Image and Document Hijacking
location ~* (\.php|\.mp3|\.css|\.png|\.jpg)$ {
if ($http_referer !~ ^(myurl.com) ) {
return 405;
}
}