-
Notifications
You must be signed in to change notification settings - Fork 194
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow list images from specified domains #314
Comments
The easiest way is to specify your own images/ngx_conf/imagesweserv.conf Line 55 in 439f5c8
and let that resolver only respond to specific domains. It is the way we use to filter ourselves. We use Unbound as a local(host) resolver, which forwards the requests to OpenDNS, and adds some of our own blocklists for our public service. But it should be easy to let Unbound only respond to specific domains. |
If there's only one domain you want to allow, you can also use location /imgur {
weserv filter;
proxy_pass https://i.imgur.com:443/;
proxy_redirect off;
# Enable SNI on the upstream connection
proxy_ssl_server_name on;
# Use a custom user agent
proxy_set_header User-Agent "Mozilla/5.0 (compatible; ImageFetcher/9.0; +http://images.weserv.nl/)";
# Set upstream host
proxy_ssl_name "i.imgur.com";
proxy_set_header Host "i.imgur.com";
# Enable the upstream persistent connection
proxy_http_version 1.1;
proxy_set_header Connection "";
} $ curl -s -o /dev/null -w "%{http_code}" http://localhost/imgur/FY1AbSo.gif?w=512
200 |
I hope this information helped. Please feel free to re-open if questions remain. |
Another option is to use the For example: FROM ghcr.io/weserv/images:5.x
ARG SECRET
RUN cp ngx_conf/imagesweserv-secure-link.conf /etc/nginx/imagesweserv.conf \
&& sed -i "s/<SECRET>/$SECRET/g" /etc/nginx/imagesweserv.conf $ docker build --build-arg SECRET=mysecret -t weserv/images .
$ docker run -d -p 8080:80 --shm-size=1gb --name=weserv weserv/images
$ echo -n 'url=https://wsrv.nl/lichtenstein.jpg&w=100 mysecret' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =
hqx4I-j6fhgY6LVhGTbHdw
$ curl -s -o /dev/null -w "%{http_code}" "localhost:8080/s/hqx4I-j6fhgY6LVhGTbHdw/?url=https://wsrv.nl/lichtenstein.jpg&w=100"
200
$ curl -s -o /dev/null -w "%{http_code}" "localhost:8080/s/hqx4I-j6fhgY6LVhGTbHdw/?url=https://wsrv.nl/lichtenstein.jpg&w=1000"
403 (ensure that you change |
I've achieved this with some nginx.conf tweaks
and inside the
|
If self hosting, is there a way to allow only images from a list of domains I specify?
eg. if the &url value is not on the allow list, then a 404 is returned.
The text was updated successfully, but these errors were encountered: