NginxHttpSecureLinkModule

Igor Sysoev is at rambler-co.ru
Tue May 5 10:11:23 MSD 2009


On Mon, May 04, 2009 at 10:43:24PM -0700, Payam Chychi wrote:

> 2009/5/4 Igor Sysoev <is at rambler-co.ru>:
> > On Mon, May 04, 2009 at 05:33:13PM -0500, Burke Libbey wrote:
> >
> >> Sorry, this is assuming, of course, that you're referring to the
> >> English documentation on wiki.nginx.org. Can anyone confirm my
> >> translation? :P
> >
> > Thank you, it seems OK for me.
> >
> >> Thanks,
> >>
> >> Burke
> >>
> >>
> >> On Mon, May 4, 2009 at 5:32 PM, Burke Libbey <burke at burkelibbey.org> wrote:
> >> > I just translated this a couple days ago. I wasn't _completely_ sure
> >> > that's what the Russian documentation meant. You could just try it and
> >> > see if it works.
> >> >
> >> > Burke
> >> >
> >> >
> >> > On Mon, May 4, 2009 at 7:38 AM, Payam Chychi <pchychi at gmail.com> wrote:
> >> >> Hey,
> >> >>
> >> >> Is there a way where you can re-write and allow the secure link to
> >> >> function for "/" ? I know the module states that it must not be /
> >> >> however, there has to be around this or better questions, why must
> >> >> this only be implemented on a non root path?
> 
> Is there any more information on this module at all? I cant seen to
> find much doc on it. I tried it out but it simply re-directs me to a
> 403... not too sure exactly on where the user gets a chance to injet
> the "secret_password" into the request to allow nginx to compare and
> allow/dey

No, this module is not intended to enter password. This module is to
ensure that requested link is valid. It may be used in at least in two
cases:

1)  your.site.com/click?=some.other.site.com
2)  your.site.com/proxy/some.other.site.com

Without the module anyone may use

1)  your.site.com/click?=some.bad.site.com
2)  your.site.com/proxy/some.bad.site.com

The module ensure that these links

1)  your.site.com/click/md5-hash/some.other.site.com
2)  your.site.com/proxy/md5-hash/some.other.site.com

are valid ones.


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list