chids nginx-forum at
Wed Sep 8 16:30:10 MSD 2010

Igor Sysoev Wrote:
> Changes with nginx 0.8.50                         
>               02 Sep 2010
>     *) Feature: the "secure_link",
> "secure_link_md5", and 
>        "secure_link_expires" directives of the
> ngx_http_secure_link_module.


While this is a very welcome enhancement to this module I'm having a
hard time figuring out its correct usage. It appears (to me) that
there's a limitation (bug?) in the base64 decoding.

As a simple test case I use:

location ~ ^/a/(?[0-9a-zA-Z\+/=]+) {
  secure_link_md5 "a";
  secure_link "$key";
  if ($secure_link = "") {
    return 501;
  if ($secure_link != "") {
    return 502;

A request to http://127.0.01:8182/a/DMF1ucDxtqgxw5niaXcmYQ== then
returns 502 as expected.

However if I change from:
secure_link_md5 "a";
secure_link_md5 "b";
and place a request to http://127.0.01:8182/a/kutf/uauL+w61xx3dTFXjw==
I receive a 501. I immediately thought is was the / in the base64
encoded data that caused this and tried to URL encode the base64 string
but it doesn't seem to work. I also tried using the "URL applications"
variant of Base 64 without any success.

What am I missing?

Mårten Gustafson

Posted at Nginx Forum:,126366,128387#msg-128387

More information about the nginx mailing list