Secure Link Expires - URL Signing

anish10dec nginx-forum at
Wed Jan 10 08:15:05 UTC 2018

URL Signing by Secure Link MD5 , restricts the client from accessing the
secured object for limited time using below module

Exp time is sent as query parameter from client device

secure_link $arg_hash,$arg_exp;
secure_link_md5 "secret$arg_exp";
if ($secure_link = "") {return 405;}
if ($secure_link = "0") {return 410;} 

Here problem is that if expiry time i.e exp send from client is less than
server time nginx module returns 410 . 

But if some client changes the time of device to some future date and
request for object in that case also object will be delivered as client time
will be greater than server time.
Is there a way to restrict the request, by secure link module, to future
time so that for example object should be accessible only for 1 hour time
duration from current time.
Please suggest

Posted at Nginx Forum:,278063,278063#msg-278063

More information about the nginx mailing list