Securing URLs with the Secure Link Module in NGINX
Andrew Andonopoulos
andre8525 at hotmail.com
Fri Jun 7 21:51:49 UTC 2019
Hello,
I was trying a couple of things and forgot to switch it back. I tried again and this is the current map and secure link config:
map $uri $hls_uri {
~^(?<base_uri>.*).m3u8$ $base_uri;
~^(?<base_uri>.*).ts$ $base_uri;
default $uri;
}
secure_link $arg_md5,$arg_expires;
secure_link_md5 "enigma$hls_uri$secure_link_expires";
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
Then i used this command to generate the expire date/time:
date -d "2019-06-08 23:30" +%s
1560033000
and this command to generate the md5:
echo -n 'enigma/hls/justin-timberlake/playlist1560033000' | openssl md5 -binary | openssl base64 | tr '+/' '-_' | tr -d '='
DWHdyTKR5vTqw10wNtnlIg
The request for the main manifest was ok:
Request URL: http://<domain>/hls/justin-timberlake/playlist.m3u8?md5=DWHdyTKR5vTqw10wNtnlIg&expires=1560033000<http://86.180.184.242/hls/justin-timberlake/playlist.m3u8?md5=DWHdyTKR5vTqw10wNtnlIg&expires=1560033000>
Request Method: GET
Status Code: 200 OK
But the content of the manifest doesn't have the md5
:
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-STREAM-INF:BANDWIDTH=200000,RESOLUTION=416x234
Justin_Timberlake_416_234_200.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=300000,RESOLUTION=480x270
Justin_Timberlake_480_270_300.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=600000,RESOLUTION=640x360
Justin_Timberlake_640_360_600.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=900000,RESOLUTION=960x540
Justin_Timberlake_960_540_900.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=1300000,RESOLUTION=1280x720
Justin_Timberlake_1280_720_1300.m3u8
As well as the other m3u8 manifest, so only the playlist have the md5 and expire:
Request URL: http://86.180.184.242/hls/justin-timberlake/Justin_Timberlake_640_360_600.m3u8
Request Method: GET
Status Code: 403 Forbidden
Thanks
Andrew
________________________________
From: nginx <nginx-bounces at nginx.org> on behalf of Francis Daly <francis at daoine.org>
Sent: Friday, June 7, 2019 8:59 PM
To: nginx at nginx.org
Subject: Re: Securing URLs with the Secure Link Module in NGINX
On Fri, Jun 07, 2019 at 06:47:54PM +0000, Andrew Andonopoulos wrote:
Hi there,
> This is the nginx config, do you think that i should use another method? like auth?
It looks to me like you could try using exactly the method in the document
you mentioned previously.
https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/
> map $uri $hls_uri {
> ~^(?<base_uri>.*).m3u8$ $base_uri;
> ~^(?<base_uri>.*).ts$ $base_uri;
> default $uri;
> }
You create a variable $hls_uri which is "the uri without the .ts or
.m3u8", like that document does.
> secure_link $arg_md5,$arg_expires;
> secure_link_md5 "enigma$uri$secure_link_expires";
But your secure_link_md5 directive does not use that variable. Unlike
what that document does.
If there is still a problem after you fix that, can you show one request
that you make that does not give the response that you want?
Perhaps there is something unexpected in the way that the md5sum in the
link is generated or calculated.
f
--
Francis Daly francis at daoine.org
_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190607/d9e1e14c/attachment.html>
More information about the nginx
mailing list