Preventing Hotlinking with Nginx and NodeJS

By Kevan Stannard | Published: February 15, 2012

If you are running a NodeJS site via Nginx then you may be using proxy_pass to route requests from Nginx to Node.

If you’d like to also prevent hot linking then you might like to first have a read of Marcel Eichner’s post on preventing hot linking which this post is based on.

Then you can use a slightly modified version of that code which includes the proxy_pass directive in both of the location sections.

server {
    server_name yourdomain.com www.yourdomain.com;
    location ~* (\.jpg|\.png|\.gif)$ {
        valid_referers none blocked yourdomain.com www.yourdomain.com ~\.google\. ~\.yahoo\. ~\.bing\. ~\.facebook\. ~\.fbcdn\.;
        if ($invalid_referer) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8123;
    }
    location / {
        proxy_pass http://127.0.0.1:8123;
    }
}

Some notes about this code:

In the valid_referers line, ‘blocked’ allows Referers that have been blocked by a firewall, ‘none’ allows requests with no Referer.

This is then followed by a list of domains and domain patterns that are also allowed. Google, Bing, etc are allowed for their image bots to access your site.

Posted in NodeJS | Tagged , , | Leave a comment

Another 10 Interesting JavaScript Features

By Kevan Stannard | Published: June 25, 2011

I previously posted about 10 Interesting JavaScript Features. Here’s ten more JavaScript features that I’ve recently found interesting.

Read More »

Posted in JavaScript | Tagged | Leave a comment

Should you use semicolons in JavaScript?

By Kevan Stannard | Published: February 10, 2011

There has been a quite a bit of chatter recently on whether or not you should use semicolons in your JavaScript code.

JavaScript provides a feature called Automatic Semicolon Insertion (ASI). For the most part there are rarely problems in omitting semicolons, but there are a few cases where semicolons are required to prevent syntax errors or resolve code ambiguities.

Read More »

Posted in JavaScript | Tagged , , , | Comments closed

Creating namespaces in JavaScript

By Kevan Stannard | Published: January 14, 2011

In the past it was very common to see global variables in snippets of JavaScript code across the web, such as:

name = "Spock";
function greeting() {
	return "Hello " + name;
}

A better approach is to place all of your code within a namespace; an object that contains all of your code and helps to prevent name clashes with JavaScript code written by others.

Read More »

Posted in JavaScript | Tagged | Comments closed

How to use sessions on Google App Engine with Python and gae-sessions?

By Kevan Stannard | Published: January 9, 2011

Google App Engine with Python does not provide built in session capabilities. This step by step walkthrough sets up a Google App Engine app using the lightweight gae-sessions utility.

Read More »

Posted in Google App Engine | Tagged , , , , | Comments closed