I want to prevent hotlingking in my site.
However I also have cloudflare to serve my site. I don't want to use cloudflare hotlinking protection feature as it cannot exclude external domain that I allowed image linking (as well as redirect images to a hotlink-denied image). Thus I want to prevent hotlinking in my server level.
The problem is when I enabled it in my server, the cloudflare will redirect to the hotlink-denied images, regardless what is the domain, which including my own domain. Here is the codes I used:
location ~* \.(gif|png|jpe?g)$ {
# prevent hotlink
valid_referers none blocked ~.google. ~.bing. ~.yahoo. allowed-domain.com, server_names ~($host);
if ($invalid_referer) {
rewrite (.*) /static/images/hotlink-denied.jpg redirect;
# drop the 'redirect' flag for redirect without URL change (internal rewrite)
}
}
location = /static/images/hotlink-denied.jpg { }
Is there anyway to bypass cloudflare on the images?
Best Answer
Images are a key static resource you want to deliver via a CDN. That reduces your server load and makes your website load faster for your visitors. That might not suit some use cases though.
I use CloudFlare for hotlink protection. Like you, when I turn it off, Nginx hotlink protection doesn't work. My configuration looks very similar to yours.
The best way to enable hotlinking is to follow the CloudFlare instructions if you want to enable hotlinking.
Option Two
The next option would be to create a subdomain, host it under CloudFlare, but turn Hotlink protection off. Currently this is done in the "content protection" tab, far right of the control panel.
You have two sub options here
My Nginx Config
Here's my Nginx config, which like yours, doesn't work through CloudFlare.