Prevent Resource Hotlinking

Van

cPanel provides an easy method to prevent resource hotlinking under WordPress. However, Opalstack doesn't use cPanel. There is a method to prevent resource hotlinking though under Nginx by adding a line to the (server?) config file.

First question...does Opalstack add the line referenced in the link to the Nginx server config file for all installed apps?

Second question...if the answer is no to the the first question, then if a user wants the line added do they need to contact support? I'm not seeing a server config file when I access my account folders using SFTP under Filezilla.

sean

Van We don't block hotlinking in our main Nginx config and at this time it's not possible to add the config for individual users.

Because of this if you need to block hotlinking you'll need to do that in your application config. if your app config does not support it then you can instead run your own Nginx as a custom app working as an intermediate proxy with whatever config you need.

Van

sean I guess I'll have to submit a support request to have my WordPress apps environment converted to Apache then. Too many things can't be done under Nginx that can be done under Apache.

sean

Van I'll submit a feature request to see if we can get your suggestion added as a feature, but for now if you're unable to get the sort of blocking that you need from a plugin, CORS settings, etc then converting your app to Apache or running a private Nginx will be the way to go.

Van

sean Regarding the feature request...probably not the best idea since not everyone may want the same settings.

Two questions regarding switching from Nginx to Apache:

1) How long does the switch take?
2) Will .htaccess files be created if they do not currently exist? I have an .htaccess file for one of my apps created by a caching plugin, but I don't believe it currently does anything since I'm currently under Nginx.
3) Will I have to make any additional app changes on my own once the switch is completed?
4) Anything I should be aware of by making the switch?

nick

1) If you submit a ticket, we can convert any NGINX/PHP-FPM app to Apache almost instantly.
2) Our server will not create any such file, so you will need to supply your own.
3) Usually, no. But you should make the change at a time when your traffic is lowest just in case.
4) Make sure any .htaccess files in place are formatted properly to avoid 500 errors.

Van

nick Thank you, Nick. I think my .htaccess files should be good, but I'll brush up on the proper formatting just to be sure. I'll submit a ticket tomorrow as I will not be able to do any troubleshooting if the switch is done today and there are issues.

nick

Sounds good 🙂