nginx-0.8.50

Igor Sysoev igor at sysoev.ru
Thu Sep 2 22:38:28 MSD 2010 

On Thu, Sep 02, 2010 at 07:52:26PM +0400, Igor Sysoev wrote:

> On Thu, Sep 02, 2010 at 06:31:32PM +0300, Reinis Rozitis wrote:
> 
> > > Changes with nginx 0.8.50                                        02 Sep 
> > > 2010
> > >
> > >    *) Feature: the "secure_link", "secure_link_md5", and
> > >       "secure_link_expires" directives of the ngx_http_secure_link_module.
> > 
> > As already in the russian list ppl asked - could you explain the directives 
> > (some wiki/doc update) or even quick config example.
> 
> These directive add a new mode of the module operation.
> Here is configuration example:
> 
>         location /p/ {
>             location ~ ^/p/(?<secure>[\w\-=]+,\d+)(?<file>/.+)$ {
> 
>                 secure_link          $secure;
>                 secure_link_md5      $secure_link_expires.$file.PASSWORD;
>                 secure_link_expires  on;
> 
>                 if ($secure_link = "") {
>                     return 403;
>                 }
> 
>                 if ($secure_link == 0) {
>                     return 410;
>                 }
> 
>                 alias  /path/to$file;
>             }
> 
>             return 404;
> 
>             error_page  403       /forbidden.html;
>             error_page  404       /not_found.html;
>             error_page  410  =403 /link_expired.html;
>         }
> 
> The "secure_link" directive specifies how to get hash and optional
> expiration time. The hash is md5 hash encoded in base64 for URIs
> (i.e., where "+" and "/" are changed to "-" and "_"). The optional time
> goes after ",".
> You can set hash in a URI, in a query string ($arg_secure), or in a cookie
> ($cookie_secure).
> 
> The "secure_link_expires" directive specifies should the module test
> the expiration time. You may add the time in URI, etc., but may not test it.
> The $secure_link_expires variable has the time value exctracted by
> "secure_link" directive.
> 
> The "secure_link_md5" directive specifies string for md5 hash.
> 
> The $secure_link variable has the following values:
> 
> ""  - no valid link
> "0" - expired link
> "1" - valid link

Now I see that the "secure_link_expires" directive is surplus here:
if we want to test expiration time, we can do using "if ($secure_link = 0)".
So I will remove it in the next release.


-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list