Prevent direct access to files but allow download from site

MAXMAXarena nginx-forum at forum.nginx.org
Thu Mar 12 17:12:12 UTC 2020


Hi, thanks again for the reply.

HOW I want to block I don't know, I am on this forum for this reason.

I thought I was clear, I don't know how to explain it in different words.
I want to prevent the user from downloading the file without being logged on
my site.
The user MUST BE ABLE to download the file from the article pages when
LOGGED.
If the user is NOT LOGGED, he cannot download the file, therefore even
recovering the url, he must receive an error or any other type of block.

I have already tried using the parameter valid_referes, it seems that I have
to specify the domain and also the address of the article pages, but they
are dynamic, the article is not always the same. Maybe I'm doing something
wrong.

If I enter my domain as valid_referer, the user can still download the file
by retrieving the link of the site, from the download history (if he has
previously downloaded the file)

Example of an article address
domain.com/my-first-article

On this page there is a link to download a file located in this path:
domain.com/assets/file/test.pdf

The user does not need to be able to copy and paste this link into the
brower to access the file directly.

I'm continuing to try, but maybe I'm missing some operating logic.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,287297,287319#msg-287319



More information about the nginx mailing list