HttpSecureLinkModule Q?
Weibin Yao
nbubingo at gmail.com
Wed Dec 22 09:56:29 MSK 2010
António P. P. Almeida at 2010-12-22 13:53 wrote:
> I've updated the Wiki:
> http://wiki.nginx.org/HttpSecureLinkModule#For_Nginx_version_.E2.89.A5_0.8.50_-_better_handling_of_the_MD5_hash_and_adding_expiration_time
>
> based on the discussion on this thread. Please verify it.
>
I think you should add the expiration time in another argument like this:
http://example.com/p/file/top_secret.pdf?st=vXjVzvGW4363YG1I6vb11A&e=13245277231161
It seems that the new secure link module(above Nginx-0.8.50) uses the
raw binary format MD5 instead. And the php CLI is like this:
php -r 'print str_replace("=", "",
strtr(base64_encode(md5("segredo/p/files/top_secret.pdf13245277231161",
true)), "+/", "-_")) . "\n";'
And the configuration (have not tested yet):
location /p/ {
secure_link $arg_st,$arg_e; # this must match the URI part related
to the MD5 hash and expiration
secure_link_md5 segredo$uri$arg_e; # this is how the MD5 hash is
built from a secret token and an URI
## If the hash is incorrect then $secure_link is a null string.
if ($secure_link = "") {
return 403;
}
## The current local time is greater than the specified expiration time.
if ($secure_link = "0") {
return 403;
}
## If everything is ok $secure_link is 1.
## This needs to be here otherwise you'll get a 404.
rewrite ^/p/(.*)$ /p/$1 break;
}
> Thanks,
> --- appa
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
>
--
Weibin Yao
More information about the nginx
mailing list