HttpSecureLinkModule Q?

António P. P. Almeida appa at perusio.net
Wed Dec 22 10:47:46 MSK 2010


On 22 Dez 2010 06h56 WET, nbubingo at gmail.com wrote:

> António P. P. Almeida at 2010-12-22 13:53 wrote:
>> I've updated the Wiki:
>> http://wiki.nginx.org/HttpSecureLinkModule#For_Nginx_version_.E2.89.A5_0.8.50_-_better_handling_of_the_MD5_hash_and_adding_expiration_time
>>
>> based on the discussion on this thread. Please verify it.
>>
> I think you should add the expiration time in another argument like
> this:
> http://example.com/p/file/top_secret.pdf?st=vXjVzvGW4363YG1I6vb11A&e=13245277231161

> It seems that the new secure link module (above Nginx-0.8.50) uses
> the raw binary format MD5 instead. And the PHP CLI is like this:
>
> php -r 'print str_replace("=", "", strtr(base64_encode(md5("segredo/p/files/top_secret.pdf13245277231161", true)), "+/", "-_")) . "\n";'

Yes. This differs from using secure_link_secret, which uses the string
form of the MD5 hash.

> And the configuration (have not tested yet):
>
> location /p/ {
>     # This must match the URI part related to the MD5 hash and
>     # expiration.
>     secure_link $arg_st,$arg_e;
>
>     # This is how the MD5 hash is built from a secret token and a URI.
>     secure_link_md5 segredo$uri$arg_e;
>
>     ## If the hash is incorrect then $secure_link is a null string.
>     if ($secure_link = "") {
>         return 403;
>     }
>
>     ## The current local time is greater than the specified expiration
>     ## time.
>     if ($secure_link = "0") {
>         return 403;
>     }
>
>     ## If everything is ok $secure_link is 1.
>     ## This needs to be here otherwise you'll get a 404.
>     rewrite ^/p/(.*)$ /p/$1 break;
> }

Done.

Thanks, 
--- appa
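
The scheme discussed in this thread, as an added example that is not part of the original message or of nginx itself: it builds the st/e arguments the way the quoted PHP one-liner does (raw binary MD5, base64url, padding stripped) and models the three $secure_link outcomes named in the config comments. The function names, the host and the `now` parameter are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = "segredo"  # secret token used in the thread's example


def make_token(uri, expires, secret=SECRET):
    """base64url(raw MD5(secret + uri + expires)) with '=' padding removed.

    Mirrors `secure_link_md5 segredo$uri$arg_e;`. The digest is the 16 raw
    bytes, not the 32-character hex string.
    """
    raw = hashlib.md5(f"{secret}{uri}{expires}".encode()).digest()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def make_url(uri, ttl, now=None, host="http://example.com"):
    """Build a link valid for `ttl` seconds (host is a placeholder)."""
    expires = int(time.time() if now is None else now) + ttl
    return f"{host}{uri}?st={make_token(uri, expires)}&e={expires}"


def check_link(uri, st, e, now=None, secret=SECRET):
    """Model of the outcomes in the config comments (not nginx's code).

    ""  -> hash incorrect (or expiration not a positive integer)
    "0" -> hash correct, but current time is past the expiration
    "1" -> hash correct and link still valid
    """
    now = int(time.time() if now is None else now)
    if not (e.isascii() and e.isdigit()) or int(e) <= 0:
        return ""
    # The hash covers the expiration, so changing e invalidates st.
    expected = make_token(uri, e, secret)
    if not hmac.compare_digest(st.encode(), expected.encode()):
        return ""
    return "0" if int(e) < now else "1"


if __name__ == "__main__":
    # Constructed sample: a link to the thread's file, valid for one hour.
    print(make_url("/p/files/top_secret.pdf", 3600))
```

Because the expiration is part of the hashed string, a client that edits e to extend the lifetime ends up with a hash mismatch (the "" case) rather than a longer-lived link.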


