Securing URLs with the Secure Link Module in NGINX

Francis Daly francis at daoine.org
Fri Jun 7 20:59:02 UTC 2019


On Fri, Jun 07, 2019 at 06:47:54PM +0000, Andrew Andonopoulos wrote:

Hi there,

> This is the nginx config, do you think that i should use another method? like auth?

It looks to me like you could try using exactly the method in the document
you mentioned previously.

https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/

>     map $uri $hls_uri {
>         ~^(?<base_uri>.*).m3u8$ $base_uri;
>         ~^(?<base_uri>.*).ts$   $base_uri;
>         default                 $uri;
>     }

You create a variable $hls_uri which is "the uri without the .ts or
.m3u8", like that document does.

>            secure_link $arg_md5,$arg_expires;
>            secure_link_md5 "enigma$uri$secure_link_expires";

But your secure_link_md5 directive does not use that variable. Unlike
what that document does.

If there is still a problem after you fix that, can you show one request
that you make that does not give the response that you want?

Perhaps there is something unexpected in the way that the md5sum in the
link is generated or calculated.

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list