Prevent direct access to files but allow download from site
MAXMAXarena
nginx-forum at forum.nginx.org
Fri Mar 13 13:20:01 UTC 2020
I managed to solve using cookies, but as you said, it is not secure.
Although I have no experience, I managed to bypass the control.
Maybe it's not the safest way like I did, in any case it is not recommended
to proceed in this way.
I have experience with auth_basic, but using the terminal to create user and
password and to grant access.
Too many different information in this topic that I have opened, my fault, I
want to simplify it.
I know I previously said I wanted to avoid using Curl, but
I would like to understand the mechanism.
Imagine that the user logs in and i provide him an url, for example:
curl -u {{user.id}}:{{unique_value}}
https://domain.com/assets/file/test.txt
Or
curl -O https://domain.com/assets/file/test.txt?param={{unique_value}}
How can I find out with Nginx if the username and password are real or that
the user/unique_value is still active?
Should I somehow access the database or am I wrong?
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,287297,287335#msg-287335
More information about the nginx
mailing list