Enable Dark Mode!
By: Prayag K

How to Prevent Image Hotlinking in NGINX


When a website links to images on your website without actually hosting those images on its own server, this practice is known as image hotlinking. It improves your data bandwidth while slowing down your website. Therefore, it is crucial to turn off picture hotlinking on your website. Here is the details on how to stop NGINX from hotlinking images from your website.

How to Prevent Image Hotlinking in NGINX

In this blog, we are going to discuss how to prevent image hotlinking using NGINX. This will restrict any other user from using images which are hosted on your website.

1. Open the NGINX Conf File

To open the NGINX configuration file, open the terminal and just run the below command.
$ sudo vi /etc/nginx/nginx.conf
Or, if you have set up separate virtual hosts for the website (www.cybrosys.com), you can access their configuration by running the following command:
$ sudo vi /etc/nginx/sites-enabled/website.conf

2. Disable Image Hotlinking in NGINX

To stop image hotlinking from any domain apart from our website, add the following location block inside the server block to turn off hotlinking in NGINX. (e.g cybrosys.com). 
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked cybrosys.com *.cybrosys.com;
if ($invalid_referer) {return 403;}}
Let us examine the code shown above line by line. Different picture file extensions will be matched by the first line with a pipe “ | “ in between each extension. A new pipe “ | “ can be added in addition to any other extensions you wish to add.
All the domains that are permitted to connect to the photos on your website are listed in 
the valid_referers variable's in the next line. Mention your website there, like cybrosys.com. Additionally, you can add any additional domains to which you want to grant access to your images. IP addresses are also acceptable here.
A "403: Access Forbidden" answer will be returned NGINX is regarded as an invalid_referer if the user requests come from a domain or IP address that is not included in the valid referrers list. 
The following lines should be applied to your NGINX configuration file if you would like to prevent hotlinking for files located within a particular directory, such as /uploads.
location /uploads/ {
valid_referers none blocked cybrosys.com *.cybrosys.com;
if ($invalid_referer) {return 403;}}

3. Restart NGINX Server

And at last, run the given commands to verify the syntax of your newly configured config file.
$ sudo nginx -t
If these codes run successfully without any error, just restart the NGINX server using the comments below.
$ sudo service nginx reload #debian/ubuntu
$ systemctl restart nginx #redhat/centos
So, we have done our final step, and now others can’t hotlink our images. 
Hope you all understand the image of hotlinking and the need to prevent hotlinking from our website.  To summarize, the blog will help you to prevent image hotlinking in NGINX

If you need any assistance in odoo, we are online, please chat with us.


Leave a comment




Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park
Kakkancherry, Calicut
Kerala, India - 673635



Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,
Infopark, Kakkanad,
Kochi, India - 682030.



Cybrosys Techno Solutions
The Estate, 8th Floor,
Dickenson Road,
Bangalore, India - 560042

Send Us A Message