NginxHttpSecureLinkModule not handling query stringf

David Lindauer lists at ruby-forum.com
Mon Jan 18 06:31:05 MSK 2010


We are using NginxHttpSecureLinkModule
(http://wiki.nginx.org/NginxHttpSecureLinkModule) to write secure links
for our media hosting, and we added on the TTL module so the links can
expire after X minutes
(http://www.masterzen.fr/2009/07/18/nginx-secure-link-module-with-ttl/).
This has also been tested without this module, and with the latest
stable version (0.7.64) and the latest development version (0.8.32) and
the outcome has been the same.

When using a Secure Link, adding any request variables (?start=20) cause
it to fail and pass to our default 403 page.  Without the Secure Links,
request variables work fine and are handled properly by the Location
tags in the config.

I thought that it might have been treating the request string as part of
the filename you're hashing, so I included it within the has, but the
link also gave a 403 so I don't believe it is.  We're trying to use it
to play video files through a flash player, which adds extra strings to
the url by default.

You should be able to reproduce it by appending a query string of any
type to any link using this module (secure_link_secret config option).
-- 
Posted via http://www.ruby-forum.com/.



More information about the nginx mailing list