Prevent direct access to files but allow download from site
MAXMAXarena
nginx-forum at forum.nginx.org
Thu Mar 12 11:42:33 UTC 2020
j94305 Wrote:
-------------------------------------------------------
> 2. You use a session context: whenever a page validly serving a link
> to a certain content is delivered, you set a cookie. Retrievals to
> files require the cookie to be present. No cookie, no access.
>
> Cheers,
> --j.
Hi, the second option seem interesting and relatively "simple" solutions,
but I am having some problems.
I put a pdf file in the domain.com/assets/file/test.pdf directory
I created a cookie when a user logs in.
document.cookie = "user_logged = 1";
On Nginx I created this rule:
location ~ ^/assets/file/ {
if ($http_cookie ~* "user_logged") {
allow all;
}
root /path/to/root;
}
I also tried this:
location ~ ^/assets/file/ {
if ($cookie_user_logged = "1") {
allow all;
}
root /path/to/root;
}
But it seems not to work correctly, the user either manages to download from
the direct link https://domain.com/assets/file/test.pdf from the browser,
and from the a href tag of the site, or fails from either side.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,287297,287315#msg-287315
More information about the nginx
mailing list