How to allow list by IP (Hotlink by Page rule)

hipstore11 · November 24, 2020, 4:40pm

If I want a allow list IP address, what should I configure? Thank you

sdayman · November 24, 2020, 6:02pm

If you mean hotlinking to images, you would need to create a firewall rule, probably by hand in the expression editor.

But you can probably start with the expression builder for a URL that contains jpg or png where the referrer is not your domain or the IP address is not in that list.

I’m on mobile right now and can’t post an example from Firewall Rules.

erictung · November 25, 2020, 1:39am

I guess this is something you want to do?

hipstore11 · November 25, 2020, 8:54am

Thanks for reply.

I want list domain & list IP (allowlisted Allow) as screenshot below

erictung · November 25, 2020, 9:19am

Did you already enable Hotlink Protection under Scrape Shield?

So I know what type of suggestions should provide.

erictung · November 25, 2020, 9:26am

If you already enable that,

try create an IP list here and include the list of IP address you want to allow in this list.

After that, create a firewall rule which matches the following expression:

(http.request.method eq “GET” and http.request.full_uri contains “example.com/assets”
and (http.request.uri.path contains “/hotlink-ok/”
or http.referer contains “.example.com”
or http.referer contains “.example.org”))
and ip.src in $dummy_ip_list)

If you don’t want to create an IP list, then you may use the following firewall expression:

(http.request.method eq “GET” and http.request.full_uri contains “example.com/assets”
and (http.request.uri.path contains “/hotlink-ok/”
or http.referer contains “.example.com”
or http.referer contains “.example.org”))
and ip.src in (1.1.1.1 2.2.2.2 3.3.3.3 4.4.4.4 5.5.5.5))

The difference is just how you want to define the ip.src value.

Lastly, specify the action to “Bypass” - Hotlink Protection.

hipstore11 · November 25, 2020, 10:43am

It doesn’t work, all hotlink images are not displayed on the whitelisted domain

erictung · November 25, 2020, 10:45am

Can you share your firewall expression to us?

hipstore11 · November 25, 2020, 11:35am

I turned on Hotlink Protection

erictung · November 25, 2020, 11:49am

Try removing the “not” operator as shown in the screenshot.

hipstore11 · November 25, 2020, 11:52am

I removed “not” but still not active. List domain don’t display images.

erictung · November 25, 2020, 12:00pm

The firewall expression works for my website.

Can you check firewall events and see is there any triggered request related to the firewall rule?

hipstore11 · November 25, 2020, 12:49pm

I only have one Firewall Rules. Here is my settings panel.!

erictung · November 25, 2020, 12:52pm

Head over to the Overview tab and look for firewall logs.

hipstore11 · November 25, 2020, 1:08pm

Did you mean

erictung · November 25, 2020, 1:19pm

Correct.

Try this filter:

hipstore11 · November 25, 2020, 5:30pm

Please help me

erictung · November 26, 2020, 1:13am

Looks like it’s already bypassed the hotlink protection, but it’s weird that you still can’t see the images.

Try to visit the website again, then open F12 Developer Tools in the browser, and click Console tab. Then share your results with us.

mtkarena · November 26, 2020, 8:16am

informative. thanks to all

hipstore11 · November 26, 2020, 1:18pm

After all, I have configured the hotlink on nginx. Thank you for your support

Topic		Replies	Views
Hotlink Protection question Security firewall	9	8076	June 2, 2019
How to block setup a scrape shield to block specific IP from hotlinking Security	5	2135	April 6, 2022
Enable Hotlink Protection for one image Security	3	3398	January 31, 2019
Block certain domain and their subdomain from hotlinking images Security	11	3549	February 13, 2021
How to get Hotlink Protection but allow one domain through? Rules	2	953	January 17, 2024

How to allow list by IP (Hotlink by Page rule)

Related topics