Rewrite module and secure download

trinsic nginx-forum at nginx.us
Wed Dec 16 07:42:18 MSK 2009 

Hi guys, having a bit of a pickle at the moment. I've set up the secure download module and its working as it should. The problem is when you try to use it, it appends the file name as the hex timestamp (without an extension) which is at the end of the URI which isn't the ideal way of downloading things. So I tried using the rewrite module to move the file name to the end of the link.

E.g
/save/dir/6450.png/097ac16cb19ff6c163d6f813fdd44b4d/4b283bfa
(works but downloads as 4b28264c instead of 6450.png)

The way the module works: < real path >/< file >/< md5 >/< timestamp >
The way I want it is: < real path >/< md5 >/< timestamp >/< file >

So in comes the rewrite rule. My new links look like:
/file/097ac16cb19ff6c163d6f813fdd44b4d/4b283bfa/dir/6450.png

I have moved the < md5 >/< timestamp > in front of the < file > in hopes it would now save the file name properly with its extension. My config is below:

	location / {
		rewrite  /file/(.*)/(.*)/(.*)/(.*)$  /save/$3/$4/$1/$2 break;
	}

	location /save {
		root /var/www/html/files/12-2009;
		secure_download on;
		secure_download_secret mypass;
		secure_download_path_mode file;
		secure_download_fail_location /error;

		add_header Content-Disposition attachment;

	}

As you can see the rewrite rule converts the link back to what it should be. That is it moves the < md5 >/< timestamp > to the end of the URI again and changes /file/ back to /save/. Except it now throws a 404 error. Looking in the debug error log it throws out this:

 31949#0: *1 "/file/(.*)/(.*)/(.*)/(.*)$" matches "/file/097ac16cb19ff6c163d6f813fdd44b4d/4b283bfa/dir/6450.png"
 31949#0: *1 rewritten data: "/save/dir/6450.png/097ac16cb19ff6c163d6f813fdd44b4d/4b283bfa"
 31949#0: *1 open() "/var/www/html/save/dir/6450.png/097ac16cb19ff6c163d6f813fdd44b4d/4b283bfa" failed (2: No such file or directory)

Pretty much the rewrite rule is converting it exactly as it should be: (line 2 of log)
/save/dir/6450.png/097ac16cb19ff6c163d6f813fdd44b4d/4b283bfa
(< real path >/< file >/< md5 >/< timestamp >)

But where is the secure download module? It hasn't popped up and done its business with the link. Instead line 3 of the log shows it trying to open the link when it should do this:

 8156#0: *3 securedownload: evaluated value of secret: "mypass"
 8156#0: *3 hashing string "/save/dir/6450.png/mypass/4b283bfa" with len 50
 8156#0: *3 computed hash: 097ac16cb19ff6c163d6f813fdd44b4d

Its apparent the rewrite module and the secure download module wont work together. What can I do to fix this?

I am currently using lighttpd and the modsecdownload module which this nginx module is based off, the only real difference is that the lighttpd module does all the above already (< real path >/< md5 >/< timestamp >/< file >) so it saves the file properly.

Hopefully I didn't miss anything out, any help is much appreciated!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,30777,30777#msg-30777

More information about the nginx mailing list