Nginx: Prevent direct access to static files

You can use nginx referer module: http://nginx.org/en/docs/http/ngx_http_referer_module.html. Something like this:

server {
    listen 80;
    server_name website.com;
    root /var/www/website.com/html ;
    location /assets/ {
        valid_referers website.com/ website.com/index.html website.com/some_other_good_page.html ;
        if ($invalid_referer) {
            deny all;
        }
    }
}

This config guard assets directory. But remember, that not guaranteed and worked only for browser - any body can emulate valid request with curl or telnet. For true safety you need use dynamic generated pages with dynamic generated links.

You do not need to create the variable $invalid_referer as this is set by the nginx module.

Tags:

Nginx