Re: Re: how to secure downloading mp3 or flv files in nginx

XUFENG xufengnju at sina.com
Mon Jun 15 14:07:57 MSD 2009


To Thanos Chatziathanassiou,
Yes, if our URL does not expire, then you can put my video on your website (actually you link to my video), and that is what we do not want to see; module_access_key cannot resolve this.
------------------				 
XUFENG
2009-06-15

-------------------------------------------------------------
From: Thanos Chatziathanassiou
Sent: 2009-06-15 17:33:28
To: nginx
Cc:
Subject: Re: how to secure downloading mp3 or flv files in nginx

On Mon, 15 Jun 2009 13:11:09 +0400, Igor Sysoev wrote:

> On Mon, Jun 15, 2009 at 05:05:31PM +0800, Delta Yeh wrote:
> 
>> Please refer to secure_link module
> 
> No, ngx_http_secure_link has no timestamp information, it's just for URL
> validating.
> 

I've found nginx-accesskey module 
(http://wiki.nginx.org/Nginx3rdPartyModules#Access_Key_Module) 
quite useful for this.

something like:

        location ~ \.flv$ {
            accesskey   on;
            accesskey_hashmethod        md5;
            accesskey_arg       "key";

            accesskey_signature "secret_$remote_addr";
        }

in the config and  then the link would be 

http://host/download.php?key=<md5 hash of secret_REMOTE_ADDR>

mind you, the link will be available indefinitely (i.e. will not expire) 
and won't work if the user's REMOTE_ADDR changes between requests (e.g. is 
behind a round-robin cluster of proxies).
But perhaps another variable can control both these factors..
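
Added example, not part of the original thread and not the accesskey module's own code: the key produced by the config above depends only on the secret and the client address, so it never lapses, whereas a link that also signs an expiry time can be rejected once that time has passed. The HMAC-SHA256 scheme, the `expires` parameter, the function names, the secret and the addresses are assumptions constructed for this example.

```python
import hashlib
import hmac
import time

# Constructed sample secret for this example; not a value from the thread.
SECRET = b"constructed-demo-secret"


def accesskey_style_key(remote_addr, secret="secret"):
    """MD5 of "secret_<REMOTE_ADDR>", as in the accesskey_signature above.
    No time input exists, so the same key stays valid indefinitely."""
    return hashlib.md5(f"{secret}_{remote_addr}".encode()).hexdigest()


def link_mac(path, remote_addr, expires):
    """HMAC-SHA256 over path, client address and expiry (assumed scheme)."""
    msg = f"{path}\n{remote_addr}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_link(path, remote_addr, ttl, now=None):
    """Build path?expires=<unix time>&key=<mac>, valid for ttl seconds."""
    expires = (int(time.time()) if now is None else now) + ttl
    return f"{path}?expires={expires}&key={link_mac(path, remote_addr, expires)}"


def verify_link(path, remote_addr, expires, key, now=None):
    """Return "ok", "bad-signature" or "expired" for a requested link."""
    now = int(time.time()) if now is None else now
    try:
        exp = int(expires)
    except (TypeError, ValueError):
        return "bad-signature"
    expected = link_mac(path, remote_addr, exp).encode()
    # Constant-time comparison; check the MAC before trusting `expires`.
    if not hmac.compare_digest(expected, str(key).encode()):
        return "bad-signature"
    return "expired" if now > exp else "ok"


if __name__ == "__main__":
    url = sign_link("/video/demo.flv", "203.0.113.7", ttl=300, now=1000)
    query = dict(p.split("=") for p in url.split("?")[1].split("&"))
    print(url)
    print(verify_link("/video/demo.flv", "203.0.113.7", now=1200, **query))
    print(verify_link("/video/demo.flv", "203.0.113.7", now=1400, **query))
```

Binding the client address into the signed string keeps the limitation noted above: the link stops verifying if the user's address changes between requests.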






