Forum: NGINX NginxHttpSecureLinkModule

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Payam C. (Guest)
on 2009-05-04 16:49
(Received via mailing list)
Hey,

Is there a way where you can re-write and allow the secure link to
function for "/" ? I know the module states that it must not be /
however, there has to be around this or better questions, why must
this only be implemented on a non root path?

Thanks in advance
Burke L. (Guest)
on 2009-05-05 02:41
(Received via mailing list)
I just translated this a couple days ago. I wasn't _completely_ sure
that's what the Russian documentation meant. You could just try it and
see if it works.

Burke
Burke L. (Guest)
on 2009-05-05 02:45
(Received via mailing list)
Sorry, this is assuming, of course, that you're referring to the
English documentation on wiki.nginx.org. Can anyone confirm my
translation? :P

Thanks,

Burke
Payam C. (Guest)
on 2009-05-05 03:18
(Received via mailing list)
On Mon, May 4, 2009 at 3:33 PM, Burke L. <removed_email_address@domain.invalid>
wrote:
>> I just translated this a couple days ago. I wasn't _completely_ sure
>>> function for "/" ? I know the module states that it must not be /
>
>

Hey,

Yep, I saw the info on the ENG wiki page...
Thanks,
Igor S. (Guest)
on 2009-05-05 09:25
(Received via mailing list)
On Mon, May 04, 2009 at 05:33:13PM -0500, Burke L. wrote:

> Sorry, this is assuming, of course, that you're referring to the
> English documentation on wiki.nginx.org. Can anyone confirm my
> translation? :P

Thank you, it seems OK for me.
Payam C. (Guest)
on 2009-05-05 09:50
(Received via mailing list)
2009/5/4 Igor S. <removed_email_address@domain.invalid>:
>> Burke
>> > On Mon, May 4, 2009 at 7:38 AM, Payam C. <removed_email_address@domain.invalid> 
wrote:
>> >> Payam Tarverdyan Chychi
>> >>
>> >>
>> >
>
> --
> Igor S.
> http://sysoev.ru/en/
>
>

Is there any more information on this module at all? I cant seen to
find much doc on it. I tried it out but it simply re-directs me to a
403... not too sure exactly on where the user gets a chance to injet
the "secret_password" into the request to allow nginx to compare and
allow/dey
Igor S. (Guest)
on 2009-05-05 10:26
(Received via mailing list)
On Mon, May 04, 2009 at 10:43:24PM -0700, Payam C. wrote:

> >>
> >> >
> 403... not too sure exactly on where the user gets a chance to injet
> the "secret_password" into the request to allow nginx to compare and
> allow/dey

No, this module is not intended to enter password. This module is to
ensure that requested link is valid. It may be used in at least in two
cases:

1)  your.site.com/click?=some.other.site.com
2)  your.site.com/proxy/some.other.site.com

Without the module anyone may use

1)  your.site.com/click?=some.bad.site.com
2)  your.site.com/proxy/some.bad.site.com

The module ensure that these links

1)  your.site.com/click/md5-hash/some.other.site.com
2)  your.site.com/proxy/md5-hash/some.other.site.com

are valid ones.
This topic is locked and can not be replied to.