secure_link_secret

Syntax:	`secure_link_secret word;`
Default:	—
Context:	`location`

Defines a secret word used to check authenticity of requested links.

The full URI of a requested link looks as follows:

/prefix/hash/link

where hash is a hexadecimal representation of the MD5 hash computed for the concatenation of the link and secret word, and prefix is an arbitrary string without slashes.

If the requested link passes the authenticity check, the $secure_link variable is set to the link extracted from the request URI. Otherwise, the $secure_link variable is set to an empty string.

Example:

location /p/ {
    secure_link_secret secret;

    if ($secure_link = "") {
        return 403;
    }

    rewrite ^ /secure/$secure_link;
}

location /secure/ {
    internal;
}

A request of “/p/5e814704a28d9bc1914ff19fa0c4a00a/link” will be internally redirected to “/secure/link”.

On UNIX, the hash value for this example can be obtained as:

echo -n 'linksecret' | openssl md5 -hex

Links:

https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_secret

doc_nginx

2017-02-09 07:09:05

Comments