Changes with nginx 0.8.50                                        02 Sep 2010

    *) Feature: the "secure_link", "secure_link_md5", and
       "secure_link_expires" directives of the
       ngx_http_secure_link_module.

    *) Feature: the -q switch.
       Thanks to Gena M..

    *) Bugfix: worker processes might get caught in an endless loop during
       reconfiguration, if caching was used; the bug had appeared in
       0.8.48.

    *) Bugfix: in the "gzip_disable" directive.
       Thanks to Derrick Petzold.

    *) Bugfix: nginx/Windows could not send stop, quit, reopen, and reload
       signals to a process running in another session.
–
Igor S.
http://sysoev.ru/en/
Changes with nginx 0.8.50 02 Sep 2010
*) Feature: the “secure_link”, “secure_link_md5”, and
“secure_link_expires” directives of the ngx_http_secure_link_module.
As already in the Russian list ppl asked - could you explain the directives
(some wiki/doc update) or even a quick config example.
Anyways thanks for the nice work Igor.
–
rr
On Thu, Sep 02, 2010 at 06:31:32PM +0300, Reinis R. wrote:
Changes with nginx 0.8.50 02 Sep 2010
*) Feature: the “secure_link”, “secure_link_md5”, and
“secure_link_expires” directives of the ngx_http_secure_link_module.
As already in the Russian list ppl asked - could you explain the directives
(some wiki/doc update) or even a quick config example.
These directives add a new mode of the module operation.
Here is a configuration example:

    location /p/ {
        # $secure = "<hash>,<expires>", $file = the rest of the URI
        location ~ ^/p/(?<secure>[\w\-=]+,\d+)(?<file>/.+)$ {
            secure_link          $secure;
            secure_link_md5      $secure_link_expires.$file.PASSWORD;
            secure_link_expires  on;

            # no valid link
            if ($secure_link = "") {
                return 403;
            }

            # expired link
            if ($secure_link = 0) {
                return 410;
            }

            alias  /path/to$file;
        }

        return 404;

        error_page  403       /forbidden.html;
        error_page  404       /not_found.html;
        error_page  410 =403  /link_expired.html;
    }

The “secure_link” directive specifies how to get the hash and the optional
expiration time. The hash is an md5 hash encoded in base64 for URIs
(i.e., where “+” and “/” are changed to “-” and “_”). The optional time
goes after “,”.
You can set the hash in a URI, in a query string ($arg_secure), or in a
cookie ($cookie_secure).
The “secure_link_expires” directive specifies whether the module should test
the expiration time. You may add the time in URI, etc., but may not test
it.
The $secure_link_expires variable has the time value extracted by the
“secure_link” directive.
The “secure_link_md5” directive specifies the string for the md5 hash.
The $secure_link variable has the following values:
“” - no valid link
“0” - expired link
“1” - valid link
–
Igor S.
http://sysoev.ru/en/
On Thu, Sep 02, 2010 at 07:52:26PM +0400, Igor S. wrote:
if ($secure_link = "") {
return 404;
You can set hash in a URI, in a query string ($arg_secure), or in a cookie
“” - no valid link
“0” - expired link
“1” - valid link
Now I see that the “secure_link_expires” directive is surplus here:
if we want to test the expiration time, we can do so using “if ($secure_link = 0)”.
So I will remove it in the next release.
–
Igor S.
http://sysoev.ru/en/
the same problem as nginx 0.8.45-0.8.49 segfault bug
Posted at Nginx Forum:
chids Wrote:
What am I missing?
What I was missing was of course the ability to combine the
information:
The hash is md5 hash encoded in base64 for URIs (i.e., where “+” and
“/” are changed to “-” and “_”)
In combination with my location regex which didn’t match on “-” and “_”.
Sorry for not paying proper attention to what was already explained.
regards
Mårten
Posted at Nginx Forum:
Igor S. Wrote:
Changes with nginx 0.8.50 02 Sep 2010
*) Feature: the “secure_link”, “secure_link_md5”, and
“secure_link_expires” directives of the ngx_http_secure_link_module.
Hello!
While this is a very welcome enhancement to this module I’m having a
hard time figuring out its correct usage. It appears (to me) that
there’s a limitation (bug?) in the base64 decoding.
As a simple test case I use:

    location ~ ^/a/(?<key>[0-9a-zA-Z+/=]+) {
        secure_link_md5  "a";
        secure_link      "$key";

        if ($secure_link = "") {
            return 501;
        }

        if ($secure_link != "") {
            return 502;
        }
    }

A request to http://127.0.01:8182/a/DMF1ucDxtqgxw5niaXcmYQ== then
returns 502 as expected.
However if I change from:
    secure_link_md5 "a";
to:
    secure_link_md5 "b";
and place a request to http://127.0.01:8182/a/kutf/uauL+w61xx3dTFXjw==
I receive a 501. I immediately thought it was the / in the base64
encoded data that caused this and tried to URL encode the base64 string
but it doesn’t seem to work. I also tried using the “URL applications”
variant of Base 64 without any success.
What am I missing?
regards
Mårten Gustafson
Posted at Nginx Forum:
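
An added example, not code from the thread or from nginx: a link generator for the /p/ configuration example above, plus a constructed model of its outcome, showing why a standard base64 token with “+” or “/” (the 501 case in the question) never validates. The helper names, the sample file and the timestamps are assumptions; PASSWORD is the placeholder secret from the configuration.

```python
import base64
import hashlib
import hmac
import re

SECRET = "PASSWORD"  # placeholder, the literal used in the configuration example

def encode(text):
    """MD5 of text, base64-encoded for URIs ('+' -> '-', '/' -> '_')."""
    digest = hashlib.md5(text.encode()).digest()
    return base64.urlsafe_b64encode(digest).decode()

def make_uri(file, expires, secret=SECRET):
    """Build /p/<hash>,<expires><file>, hashing $secure_link_expires.$file.PASSWORD."""
    token = encode(f"{expires}.{file}.{secret}")
    return f"/p/{token},{expires}{file}"

# The location regex from the configuration example, in Python group syntax.
LOCATION = re.compile(r"^/p/(?P<secure>[\w\-=]+,\d+)(?P<file>/.+)$", re.ASCII)

def check(uri, now, secret=SECRET):
    """Constructed model of the example's outcome: 200, 403, 404 or 410."""
    m = LOCATION.match(uri)
    if m is None:
        return 404                       # nested location does not match
    token, expires = m["secure"].split(",")
    try:
        got = base64.urlsafe_b64decode(token)
    except ValueError:
        return 403                       # $secure_link = "": not decodable
    want = hashlib.md5(f"{expires}.{m['file']}.{secret}".encode()).digest()
    if not hmac.compare_digest(got, want):
        return 403                       # $secure_link = "": hash mismatch
    # Assumption of this model: expired once `now` is past the timestamp.
    return 200 if now <= int(expires) else 410   # "1" is served, "0" gives 410

if __name__ == "__main__":
    uri = make_uri("/video.mp4", 2000)   # constructed sample values
    print(uri, check(uri, now=1000), check(uri, now=3000))
    # The hash of "b" from the question, in both alphabets:
    print(base64.b64encode(hashlib.md5(b"b").digest()).decode(), "->", encode("b"))
```

Changing the file or the timestamp in a generated URI changes the hashed string, so the model returns 403 for it; a token in the standard alphabet does not even match the location regex.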