Re: Re: how to secure downloading mp3 or flv files in nginx
XUFENG
xufengnju at sina.com
Mon Jun 15 14:07:57 MSD 2009
To Thanos Chatziathanassiou,
Yes, if our URL does not expire, then you can put my video on your website (actually you link to my video), and that is what we do not want to see; module_access_key cannot resolve this.
------------------
XUFENG
2009-06-15
-------------------------------------------------------------
From: Thanos Chatziathanassiou
Sent: 2009-06-15 17:33:28
To: nginx
Cc:
Subject: Re: how to secure downloading mp3 or flv files in nginx
On Mon, 15 Jun 2009 13:11:09 +0400, Igor Sysoev wrote:
> On Mon, Jun 15, 2009 at 05:05:31PM +0800, Delta Yeh wrote:
>
>> Please refer to secure_link module
>
> No, ngx_http_secure_link has no timestamp information, it's just for URL
> validating.
>
I've found nginx-accesskey module
(http://wiki.nginx.org/Nginx3rdPartyModules#Access_Key_Module)
quite useful for this.
something like:
location ~ \.flv$ {
    accesskey on;
    accesskey_hashmethod md5;
    accesskey_arg "key";
    accesskey_signature "secret_$remote_addr";
}
in the config and then the link would be
http://host/download.php?key=<md5 hash of secret_REMOTE_ADDR>
Mind you, the link will be available indefinitely (i.e. will not expire)
and won't work if the user's REMOTE_ADDR changes between requests (e.g. is
behind a round-robin cluster of proxies).
But perhaps another variable can control both these factors.
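
The limitation discussed in this thread, as an added example (not code from the thread or from the accesskey module): accesskey() reproduces the key for the config above, which has no time component, while sign_expiring() and verify() sketch an application-side variant that also signs an expiry timestamp. The HMAC-SHA256 construction, the "expires" parameter, the function names and the secret values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample secrets (assumptions, not values from the thread).
PREFIX = "secret"                      # matches "secret_$remote_addr" in the config
HMAC_SECRET = b"constructed-demo-secret"


def accesskey(remote_addr: str) -> str:
    """Key as described in the thread: md5 of "secret_<REMOTE_ADDR>".
    No timestamp is hashed, so the same IP gets the same key forever."""
    return hashlib.md5(f"{PREFIX}_{remote_addr}".encode()).hexdigest()


def sign_expiring(path: str, remote_addr: str, expires: int) -> str:
    """Hypothetical variant: bind path, client IP and expiry time together."""
    msg = f"{path}|{remote_addr}|{expires}".encode()
    return hmac.new(HMAC_SECRET, msg, hashlib.sha256).hexdigest()


def make_link(path: str, remote_addr: str, ttl: int, now=None) -> str:
    """Build a link that is valid for ttl seconds for one client IP."""
    now = int(time.time()) if now is None else now
    expires = now + ttl
    return f"{path}?expires={expires}&key={sign_expiring(path, remote_addr, expires)}"


def verify(path: str, remote_addr: str, expires: str, key: str, now=None) -> bool:
    """Check the signature in constant time, then check the expiry."""
    now = int(time.time()) if now is None else now
    try:
        expires_i = int(expires)
    except (TypeError, ValueError):
        return False                   # malformed or missing expiry
    expected = sign_expiring(path, remote_addr, expires_i)
    if not hmac.compare_digest(expected.encode(), key.encode()):
        return False                   # wrong IP, wrong path or tampered expiry
    return now <= expires_i


if __name__ == "__main__":
    ip = "203.0.113.7"                 # constructed documentation address
    print("static key :", accesskey(ip))
    print("expiring   :", make_link("/video/a.flv", ip, ttl=60))
```

The expiry check here runs in application code; it does not describe anything the accesskey module does on its own.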