NGINX http-secure-link iphone issue !!

Francis Daly francis at
Wed Aug 10 07:24:04 UTC 2016

On Wed, Aug 10, 2016 at 12:07:58PM +0500, shahzaib mushtaq wrote:

Hi there,

> We've depolyed NGINX ngx_*http*_*secure*_*link*_module in our website based
> on php programming & its working well.

That much makes sense.

> Player is providing correct hash+expiry to serve links.

I'm not sure about that bit -- what is the player? (It may not matter;
I presume it is "something on your back-end that is doing things right".)

> Though we're facing problem authenticating md5 from iphone mobile which is
> generating md5 based on C objective language & looks like this hash is
> somewhat different & have authenticating issue against NGINX md5.

But that part confuses me.

Why does the client have anything to do with md5 and generating things?

The usual model is that something on the server creates the "secure"
url, and gives it to the client. The client then requests that url;
the server checks that it is valid, and the server issues the content.

Does your system use a different model?

> Is there any way of fixing it ?

Examine your design. Examine your implementation. See where it does not
do what you expect. Change that piece.

I don't think that there are enough details provided yet to give a more
specific answer.

> Short conclusion :
> Web APP == good
> Mobile APP == bad

What do the APPs do, other than request urls that they have been given?

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list