nginx-0.8.50
chids
nginx-forum at nginx.us
Wed Sep 8 16:30:10 MSD 2010
Igor Sysoev Wrote:
-------------------------------------------------------
> Changes with nginx 0.8.50
> 02 Sep 2010
>
> *) Feature: the "secure_link",
> "secure_link_md5", and
> "secure_link_expires" directives of the
> ngx_http_secure_link_module.
Hello!
While this is a very welcome enhancement to this module I'm having a
hard time figuring out its correct usage. It appears (to me) that
there's a limitation (bug?) in the base64 decoding.
As a simple test case I use:
location ~ ^/a/(?[0-9a-zA-Z\+/=]+) {
secure_link_md5 "a";
secure_link "$key";
if ($secure_link = "") {
return 501;
}
if ($secure_link != "") {
return 502;
}
}
A request to http://127.0.01:8182/a/DMF1ucDxtqgxw5niaXcmYQ== then
returns 502 as expected.
However if I change from:
secure_link_md5 "a";
to:
secure_link_md5 "b";
and place a request to http://127.0.01:8182/a/kutf/uauL+w61xx3dTFXjw==
I receive a 501. I immediately thought is was the / in the base64
encoded data that caused this and tried to URL encode the base64 string
but it doesn't seem to work. I also tried using the "URL applications"
variant of Base 64 without any success.
What am I missing?
regards
Mårten Gustafson
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,126366,128387#msg-128387
More information about the nginx
mailing list