Secure Link Expires - URL Signing

Francis Daly francis at daoine.org
Wed Jan 10 08:47:49 UTC 2018


On Wed, Jan 10, 2018 at 03:15:05AM -0500, anish10dec wrote:
> URL Signing by Secure Link MD5 , restricts the client from accessing the
> secured object for limited time using below module

It can, if you configure it to.

> Exp time is sent as query parameter from client device
> 
> secure_link $arg_hash,$arg_exp;
> secure_link_md5 "secret$arg_exp";

http://nginx.org/r/secure_link_md5 says

"""
The expression should contain the secured part of a link (resource) and
a secret ingredient. If the link has a limited lifetime, the expression
should also contain $secure_link_expires.
"""

You appear to have included only one of the three pieces.

> Is there a way to restrict the request, by secure link module, to future
> time so that for example object should be accessible only for 1 hour time
> duration from current time.

Yes.

Create the link and do the configuration like the documentation suggests.

If it still does not work for you, can you show all of the steps that
you take to secure one specific url? That might make it clear where the
problem first appears. (Maybe the documentation needs changing.)

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list