# nginx valid_referers is not working any more...



## meteor8488 (Apr 13, 2015)

I'm using valid_referers to block access to my website's picture from other site.

I'm using below config:

```
location ~*^.+\.(jpg|jpeg|gif|png|bmp)$ {
expires 7d;
valid_referers none blocked www.example.com;
if ($invalid_referer) {
return 403;
}
}
```
It worked well in the past.

But now I found that someone just use below method to access my pictures. They can access my pictures via URLs like below

http://www.example.com/images/abc.jpg?0.9208715439582744
http://www.example.com/images/0o9.jpg?0.8152212035621078

How can I prevent them to access ?


----------



## quintessence (Apr 23, 2015)

Hello,

valid_referers cannot prevent accessing 'versioning' of static resources. It can prevent access to the static resource, but not to its 'version' (I mean here URIs like file.js?timestamp, file.css?timestamp, and your example with the pictures).

CORS always is an option depending on your needs, but if you don't want CORS, you can try with $args, good extended and explained example is a Pixabay solution.


----------

