On my php page,I give the url to my mp3 file in this format http://mp3.example.com/a.mp3?key=time()
then this request will go to nginx,can nginx do something like compare
the uri /a.mp3?key=time() with the current time() and if it is 180
seconds ago,403 error will return or it will rewrite to the normal file
/a.mp3
On my php page,I give the url to my mp3 file in this format http://mp3.example.com/a.mp3?key=time()
then this request will go to nginx,can nginx do something like compare the uri /a.mp3?key=time() with the current time() and if it is 180 seconds ago,403 error will return or it will rewrite to the normal file /a.mp3
So if you can do it on your php page, there is no problem that someone
who wants to leech file do same on his page. This solution is useless.
mind you, the link will be available indefinitely (ie will not expire)
and won’t work if the users REMOTE_ADDR changes between requests (eg is
behind a round-robin cluster of proxies).
But perhaps another variable can control both these factors…
On my php page,I give the url to my mp3 file in this format http://mp3.example.com/a.mp3?key=time()
then this request will go to nginx,can nginx do something like compare the uri /a.mp3?key=time() with the current time() and if it is 180 seconds ago,403 error will return or it will rewrite to the normal file /a.mp3
I think you should write a simple custom handler module.
To Thanos Chatziathanassiou,
Yes,if our url does not expire,then you can put my video on your website
(actually you link to my video),and that is what we donot want to
see,module_access_key cannot relove this.
XUFENG
2009-06-15
å‘件人:Thanos Chatziathanassiou
å‘é€æ—¥æœŸï¼š2009-06-15 17:33:28
收件人:nginx
抄é€ï¼š
主题:Re: how to secure downloading mp3 or flv files in nginx
On Mon, 15 Jun 2009 13:11:09 +0400, Igor S. wrote:
On Mon, Jun 15, 2009 at 05:05:31PM +0800, Delta Y. wrote:
Please refer to secure_link module
No, ngx_http_secure_link has no timestamp information, it’s just for URL
validating.
mind you, the link will be available indefinitely (ie will not expire)
and won’t work if the users REMOTE_ADDR changes between requests (eg is
behind a round-robin cluster of proxies).
But perhaps another variable can control both these factors…
???燨n my php page,I give the url to my mp3 file in this format http://mp3.example.com/a.mp3?key=time()
then this request will go to nginx,can nginx do something like compare the uri /a.mp3?key=time() with the current time() and if it is 180 seconds ago,403 error will return or it will rewrite to the normal file /a.mp3
So if you can do it on your php page, there is no problem that someone
who wants to leech file do same on his page. This solution is useless.
A PHP script with x-accel-redirect is the best way to implement this -
one internal script to generate content keys, and another to decode
and serve content (handling key verification, time-based expiration,
download counting and download-count based expiration, etc.) via
x-accel-redirect. Download counters are best handled using memcached.
Cheers
Kon
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.