Best way to block access by url and valid referrer?

François Battail fb at
Wed Apr 30 00:57:50 MSD 2008

Rt Ibmer <rtibmx at ...> writes:

> So assuming that its "good enough" for me to rely on matching their 
account id to a referrer what would you say is the best way to do what I was
inquiring about in my original message on the subject? 

I don't think think there's a good solution. If you don't want a huge config
file to maintain (I agree) you still need to store and query data to ensure if
access is allowed or not, but as Nginx is an asynchronous server you will block
all connections during these tests even if you code a specific module.

If you cannot modify the referring links I believe you can use the configuration
file using includes generated by a script to avoid database or ldap queries when
Nginx is running.

It's not a nice or efficient solution, but given the workflow I don't see
something better right now.

Best regards.

More information about the nginx mailing list