ScaleScaleScaleScale

Tips / Nginx


How to stop image Hotlinking on Nginx

Looking for a way to Stop Image Hotlinking on Nginx?

What is image hotlinking? Image Hotlinking is a very bad practice, it is used to steal bandwidth from your servers. What does this mean? It means someone creates a link to one of your images, but it is displayed on their websites. The result is you will end up paying more bandwidth transfer because of this. So, what you need is to secure your nginx server to block any hotlinking attempts.

Anti-hotlinking Nginx configuration:

Use a location directive inside your Nginx configuration file:

location ~ .(gif|png|jpe?g)$ {
     valid_referers none blocked mywebsite.com *.mywebsite.com;
     if ($invalid_referer) {
        return   403;
    }
}

The first line shows the protected file extensions, if you have other extensions to add, just add a new pipe (“|”) with the new extension you want to protect.

valid_referers line contains the list of sites allowed to hotlink images, yours must be specified there, but if you have other websites you can allow them there.

You can also protect files from a specific directory. For example:

location /pictures/ {
     valid_referers none blocked mywebsite.com *.mywebsite.com;
     if ($invalid_referer) {
        return   403;
    }
}

All done, now you know how to protect your website and directories from image hotlinking.

Popular search terms:

  • https://www scalescale com/tips/nginx/how-to-stop-image-hotlinking-on-nginx/
  • what is hot linking
  • stop this image was hotlinked
  • nginx scale images
profile

Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking

  • Chris

    Any reason these wouldn’t work? Literally copy/paste, nginx saying config is fine, yet any online hotlink checker still pulls them up? Browser cache is cleared as well to ensure it’s not serving from cache or anything funky…

    • hex

      Same here. Copy/paste, config is fine, hotlinking is still not interrupted.

  • Nauris

    Thanks, but not work for me.

  • Thanks, first option with file extensions is working but second with directory option don’t.

  • I have many images on my site. But google bot crawls hotlinked, and I see them in search result. So, question is — does this solution prevents google-bot to crawl hotlinked images on OTHER site?

  • Bob

    Your noobs..

    Do not just copy paste stuff… read it first 🙂

    Change the “mywebsite.com” to your website… :))

    After that it will work.

    • Tom

      How can they own noobs?