Possible to make subdomain only accessible through 'embed'

Ian Hobson hobson42 at gmail.com
Wed Mar 17 14:59:11 UTC 2021


Hi,

I have not tried it, but I believe if you set a cookie
on .domain.com to say that they are logged in (Note the leading .) , 
then you can read that cookie in all sub-domains, and check they are 
logged in to domain.com.

You might have to use domain.com, instead of docs.domain.com for the 
outer level.

RFC6265 is the standard that modern browsers follow
https://tools.ietf.org/html/rfc6265

The clause you might need in your server {} are of nginx is

if ($cookie_fileURI != "mymagicvalue") { return 403; }

Where "mymagicvalue" was put in the cookie upon successful login.

Regards

Ian

On 12/03/2021 20:56, Jore wrote:
> Hi there,
> 
> I have pages served from "embed.domain.com" that I'd only like to be 
> accessible when they're embedded in files served from "docs.domain.com"
> 
> Visualisation below:
> 
> Is it possible to lock down "embed.domain.com" so it can only be 
> accessed through "docs.domain.com"?
> 
> Can this be done with nginx conf or another method?
> 
> Thank you!
> Jore
> 
> 
> 
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 

-- 
Ian Hobson
Tel (+351) 910 418 473

-- 
This email has been checked for viruses by AVG.
https://www.avg.com



More information about the nginx mailing list