Prevent direct access to files but allow download from site

MAXMAXarena nginx-forum at
Fri Mar 13 13:20:01 UTC 2020

I managed to solve using cookies, but as you said, it is not secure.
Although I have no experience, I managed to bypass the control. 
Maybe it's not the safest way like I did, in any case it is not recommended
to proceed in this way.

I have experience with auth_basic, but using the terminal to create user and
password and to grant access.

Too many different information in this topic that I have opened, my fault, I
want to simplify it. 

I know I previously said I wanted to avoid using Curl, but
I would like to understand the mechanism.

Imagine that the user logs in and i provide him an url, for example:

curl -u {{}}:{{unique_value}}


curl -O{{unique_value}}

How can I find out with Nginx if the username and password are real or that
the user/unique_value is still active?
Should I somehow access the database or am I wrong?

Posted at Nginx Forum:,287297,287335#msg-287335

More information about the nginx mailing list