I have a directory with my media files and I need no to display them on other sites. Server doesn't support .htaccess, because it uses nginx.
How can I enable hotlink protection for my files?? Thank you.
+1
A:
Easiest way would be to check for the Referer header in HTTP request. Basically if that header does not have URL from your site, then this could be hot linking.
This has following problems:
- Referrer header can be forged -> hot linking works
- All user agents do not necessarily send the Referrer header -> legitimate user might not get the content.
You could also set a cookie when user is browsing your site, and check for existence of that cookie when user is accessing the streaming content.
Juha Syrjälä
2009-12-07 10:29:06
I like the cookie option, easy to encrypt it and expire them after a certain amount of time, much harder to spoof than the referrer
LorenVS
2009-12-07 10:54:34
A:
The details may be dated, but Igor gives an example of referrer mapping for image hotlink protection that might be useful here: http://nginx.org/pipermail/nginx/2007-June/001082.html
If you decide to go the referrer route.
If you are using memcached you could also store store client IP addresses for a time and only serve up your streaming media if an unexpired client IP is found in the cache. The client IP gets cached during normal browsing ensuring that the person viewing your streaming content has also recently been visiting your site.
Michael Reed
2009-12-29 22:06:03