Nginx - how to implement hotlinking prevention?

Question

Seeking help from Nginx experts here.

I want to block people accessing CSS or JS directly from my website. A bit like this: http://assets.behance.net/

I got this reference from ServerFault: https://serverfault.com/a/332493/117595

location ~* (\.jpg|\.png|\.gif|\.jpeg|\.png)$ {
 valid_referers none blocked www.example.com example.com;
 if ($invalid_referer) {
    return 403;
 }
}

But a few questions:

1. In the valid_referers, how should I include all the domains from my vhosts directory, which contains the server block for all my domains on this server. (It's a dedicated WHM server with many Cpanel domains.) I would prefer this list of allowed domains to somehow be automated, in case we add more domains in the future.

2. More importantly, how can I make this in the main "http" block, and not server by server (i.e., the vhosts for each domain!)?

3. Isn't the "IF" condition going to make the Nginx server slower? We have stayed away from all IF blocks so far as I remember reading this has a significant adverse influence on performance.

Thanks!

Answer 1

Thanks @dmitry-paskal. I'll keep skipping "none". But the thing is that the 403 message is coming from nginx default. I have this in my "Server" block:

error_page 404 /404.html;
location = /404.html {
  root   /etc/nginx/html;
  internal;
}
error_page 403 /403.html;
  location = /403.html {
  root   /etc/nginx/html;
  allow all;
}
error_page 500 502 503 504  /500.html;  
  location = /500.html {  
  root  /etc/nginx/html;  
}  

And the directory /etc/nginx/html is chmod 777.

The docs and all the google search results I've found suggest that the above code should work. What am I missing, how can I show my own 403 page?