Prevent direct access to files but allow download from site

MAXMAXarena nginx-forum at
Thu Mar 12 11:42:33 UTC 2020

j94305 Wrote:
> 2. You use a session context: whenever a page validly serving a link
> to a certain content is delivered, you set a cookie. Retrievals to
> files require the cookie to be present. No cookie, no access.
> Cheers,
> --j.

Hi, the second option seem interesting and relatively "simple" solutions,
but I am having some problems.

I put a pdf file in the directory

I created a cookie when a user logs in.
document.cookie = "user_logged = 1";

On Nginx I created this rule:

    location ~ ^/assets/file/ {
    	if ($http_cookie ~* "user_logged") {
    		allow all;
    	root /path/to/root;

I also tried this:

    location ~ ^/assets/file/ {
    	if ($cookie_user_logged = "1") {
    		allow all;
    	root /path/to/root;

But it seems not to work correctly, the user either manages to download from
the direct link from the browser, 
and from the a href tag of the site, or fails from either side.

Posted at Nginx Forum:,287297,287315#msg-287315

More information about the nginx mailing list