Prevent direct access to files but allow download from site
abbot at monksofcool.net
Fri Mar 13 00:15:58 UTC 2020
> The user MUST BE ABLE to download the file from the article pages when
> LOGGED. If the user is NOT LOGGED, he cannot download the file,
> therefore even recovering the url, he must receive an error or any
> other type of block.
You describe restricted access, not public access. That differs from
your OP where you wanted to have it both ways. See NGINX docs, section
"Restricting Access with HTTP Basic Authentication". The latter can be
replaced with LDAP or whatever auth mechanism you prefer should basic
authentication not be to your taste.
More information about the nginx