Migrating from Lighttpd : mod_secdownload show-stopper ?

Francis Daly francis at daoine.org
Thu Jun 9 23:05:19 MSD 2011

On Thu, Jun 09, 2011 at 11:54:46AM -0400, Epstein wrote:

Hi there,

> I want to migrate from Lighty too. Works so far but i need to use that
> "secdownload" functionality of Lighty.

To be utterly clear: do you need to use secdownload from Lighty; or
do you need to use some expiring download feature, such as Lighty's
secdownload or nginx's secure_link_module?

Because if "something like" is good enough, then you can aim to use
nginx's one in future, and therefore only need a short-term workaround
for currently-advertised urls. When the last of the old urls expires,
you can disable the workaround.

In the meantime, you create new urls in the nginx style, and they are
handled natively.

> I tried ntr0pies solution, but can't get it to work because of that
> time-value ... i think. I get a 404 everytime.

Look one reply above that in the forum, from February 23.

The line

$check = md5("${file}.${time}.${secret}");

is utterly wrong -- it should be something more like

$check = md5($secret.$file.$time);


$check = md5("${secret}${file}${time}");

but the rest should probably Just Work; or at least it should be obvious
to find out where it is failing.

Good luck,

Francis Daly        francis at daoine.org

More information about the nginx mailing list