Prevent direct access to JPG

Hello guys,

I need a bit of help in executing the following.

  • when any user try to access all my JPGs through my website (e.g. by browsing my pages) I would like this to work.
  • instead, when they try to access all of my JPGs DIRECTLY (eg. by inputing the .jpg URL on the address bar), I want CF (WAF) to block the request.
  • when search engines try to access my images they should be allowed
  • cloudflare stream service should be whitelisted (videodelivery and websites) and should be able to access all of my images in any way

I tried multiple ways but couldn’t achieve this.

Is anyone able to help me?
I would be immensely grateful!!

Thanks a lot
Dr Fung

I don’t know what a request from Stream would look like, but this rule depends on your site setting a correct Referrer (this is usually on by default). And if it’s NOT a known (good) bot. Then block.

1 Like

Hello sdayman,

thanks a lot for your quick answer!
Unfortunately that didn’t work out and completely broke my website.
I added this:

And that partially solved my problem but some parts of my website are still broken…

My apologies. I did miss probably the most important part, the URI of the images.

What’s broken? If something on your site doesn’t include the Referer header, that rule won’t let the image load.

1 Like

Don’t worry I eventually figured it out by myself something was missing :wink:

It’s broken in the sense that on some pages the image don’t loads indeed.
I think it’s like you said: some pages use scripts or something where the referrer is empty or something, that’s why it prevents those images to load…

1 Like

The only other thing I can think of is Cloudflare’s pre-packaged Hotlink Protection on the Scrape Shield page. But it works pretty much the same way, though it appears to add one more rule: If Referrer does not equal “” (empty quotes for blank). That might be a last resort, and should help some.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.