Nginx - Google Summer of Code ideas

张立冰 zhang.libing at gmail.com
Thu Mar 12 16:30:49 MSK 2009


And here is a post about this topic.
http://www.libing.name/2008/11/23/nginx-application-access.html
I'm sorry, it is in Chinese. But I think the script at this page will
helpful for you.

2009/3/12 张立冰 <zhang.libing at gmail.com>

> Hi,Huy Phan.
>
>  Wow, we did the same job. [?]
>
> 2. When the request is valid (the token is exist), it returns 404, and then
>> internal redirect to the 'real' place => If someone knows the url of real
>> place,
>> he can access without any authentication.
>>
>
> Yes, I hook the http status 404, and redirect to the 'real' place at the
> backend. BUT this place must be placed at intranet or the same server, just
> like 127.0.0.1.And that is the trust environment. ^_^
>
> I have placed a simple conf at this page.(
> http://www.libing.name/2009/03/11/nginx-token-module.html).
>
> http://thread.gmane.org/gmane.comp.web.nginx.english/10008
>> http://thread.gmane.org/gmane.comp.web.nginx.english/10379
>>
>
> I have checked those two posts.It seems you want a module to do the access
> check job for media files.(/v/empty.flv?token=1234).
> And I think there is no need memcached to store the check token. Maybe you
> can work with http access key module<http://www.nginx-community.org/NginxHttpAccessKeyModule>
> and mod_parsed_vars <http://hg.mperillo.ath.cx/nginx/mod_parsed_vars>to
> generate dynamic token with COOKIE/GET/POST vars. Just like sessionid.And
> that is betteeeer than work with memcached.
>
>
> On Thu, Mar 12, 2009 at 8:17 PM, Huy Phan <dachuy at gmail.com> wrote:
>
>> 张立冰 <zhang.libing at ...> writes:
>>
>> >
>> >
>> > Digest Authentication?
>> >
>> > I have Implemented a simple token module, used for http authentication
>> with
>> backend memcached. Maybe that is helpful for you.
>> >
>>
>> Hi zhang,
>> really interesting to see your modules, the idea is exactly what im trying
>> to do
>> these 2 weeks.
>> What I see after checking your code is that :
>> 1. If the token is invalid : return 403, otherwise 404.
>> 2. When the request is valid (the token is exist), it returns 404, and
>> then
>> internal redirect to the 'real' place => If someone knows the url of real
>> place,
>> he can access without any authentication.
>>
>> I had develop a module similar like that ( in fact I see that we have 80%
>> same
>> code ), but the process is a little different. Can you take a look at
>> these
>> threads and we can work on it together :)
>>
>> http://thread.gmane.org/gmane.comp.web.nginx.english/10008
>> http://thread.gmane.org/gmane.comp.web.nginx.english/10379
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> The time you enjoy wasting is not wasted time!
>



-- 
The time you enjoy wasting is not wasted time!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090312/f8995d40/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 453 bytes
Desc: not available
URL: <http://nginx.org/pipermail/nginx/attachments/20090312/f8995d40/attachment.gif>


More information about the nginx mailing list