Problem with Direct-Linking-Prevention
Tamashii
tamashii at jeranet.at
Tue Aug 23 09:00:30 UTC 2011
Hello!
Yesterday I've switched from Apache2 to Nginx - and ran into some
problems with the rewrite Rules.
I tried to do something like:
SetEnvIf Referer mydomain\.com localreferer
<FilesMatch \.(rar|zip)$>
Order deny,allow
Deny from all
Allow from env=localreferer
</FilesMatch>
(Which worked on Apache.)
And I came up with this:
## Stop Download Hijacking
location ~* (\.rar|\.zip)$ {
if ($http_referer !~
^(http://www.mydomain.com|http://mydomain.com) ) {
return 444;
}
}
Whole config for this server is:
server {
root /home/mydomain/files;
index index.php index.html;
server_name download.mydomain.com;
## Stop Download Hijacking
location ~* (\.rar|\.zip)$ {
if ($http_referer !~
^(http://www.mydomain.com|http://mydomain.com) ) {
return 444;
}
}
location / {
try_files $uri $uri/ /index.php;
}
include /etc/nginx/php;
}
Problem is - it seems to do nothing at all ... I can type a download
link into my browser and it loads (should block that unless it was
refered from mydomain).
Has anyone any ideas?
Thanks in advance!
Alexander
More information about the nginx
mailing list