How to allow list by IP (Hotlink by Page rule)

If I want a allow list IP address, what should I configure? Thank you

If you mean hotlinking to images, you would need to create a firewall rule, probably by hand in the expression editor.

But you can probably start with the expression builder for a URL that contains jpg or png where the referrer is not your domain or the IP address is not in that list.

I’m on mobile right now and can’t post an example from Firewall Rules.

1 Like

I guess this is something you want to do?

1 Like

Thanks for reply.

I want list domain & list IP (Whitelisted Allow) as screenshot below

Did you already enable Hotlink Protection under Scrape Shield?

So I know what type of suggestions should provide.

If you already enable that,

try create an IP list here and include the list of IP address you want to allow in this list.

After that, create a firewall rule which matches the following expression:

(http.request.method eq “GET” and http.request.full_uri contains “example.com/assets
and (http.request.uri.path contains “/hotlink-ok/”
or http.referer contains “.example.com”
or http.referer contains “.example.org”))
and ip.src in $dummy_ip_list)

If you don’t want to create an IP list, then you may use the following firewall expression:

(http.request.method eq “GET” and http.request.full_uri contains “example.com/assets
and (http.request.uri.path contains “/hotlink-ok/”
or http.referer contains “.example.com”
or http.referer contains “.example.org”))
and ip.src in (1.1.1.1 2.2.2.2 3.3.3.3 4.4.4.4 5.5.5.5))

The difference is just how you want to define the ip.src value.

Lastly, specify the action to “Bypass” - Hotlink Protection.

It doesn’t work, all hotlink images are not displayed on the whitelisted domain

Can you share your firewall expression to us?

I turned on Hotlink Protection

Try removing the “not” operator as shown in the screenshot.

I removed “not” but still not active. List domain don’t display images.

The firewall expression works for my website.

Can you check firewall events and see is there any triggered request related to the firewall rule?

I only have one Firewall Rules. Here is my settings panel.!

Head over to the Overview tab and look for firewall logs.

Did you mean

Correct.

Try this filter:

image

Please help me

Looks like it’s already bypassed the hotlink protection, but it’s weird that you still can’t see the images.

Try to visit the website again, then open F12 Developer Tools in the browser, and click Console tab. Then share your results with us.

informative. thanks to all

After all, I have configured the hotlink on nginx. Thank you for your support