I'd use some kind of authentication based on a user logging in before allowing use of a service, an encrypted cookie or something along that line. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257269,257303#msg-257303