Protecting your Discourse installation for Hotlinking?


#1

I wonder what do you think guys about adding this rules to NGINX to protect from hotlinking.

http://nginxlibrary.com/hotlink-protection/

location ~ \.(jpe?g|png|gif)$ {
     valid_referers none blocked mysite.com *.mysite.com;
     if ($invalid_referer) {
        return   403;
    }
}

I think it should help if you are hosting images in your forum.


How to do hotlink protection in discourse?
(Jeff Atwood) #2

It’s fine as a first line of defense, and probably something we want to include in the documentation @supermathie.

I feel like bandwidth costs and sharing rules have gotten a lot more relaxed since 2004, so I am more open to letting people share the images on a forum outside the forum, within reason… though if it gets abused, and a certain uploaded forum image goes hyper viral, that’d be a problem for sure.


(Michael Brown) #3

Good plan! Added to my documents-in-progress.

Also want to add in an option to have nginx log a message when this is detected, but permit it.


(ampburner) #4

Is there any way that I can do this myself? I’m experiencing some hotlinking issues and I would like to know what my options are.


(Régis Hanol) #5

You will have to update your app.yml so that it updates the /etc/nginx/conf.d/discourse.conf file using pups’ replacement syntax.