Nginx-0.8.50

imixaly4 · September 2, 2010, 5:04pm

Changes with nginx 0.8.50 02 Sep
2010

*) Feature: the "secure_link", "secure_link_md5", and
   "secure_link_expires" directives of the

ngx_http_secure_link_module.

*) Feature: the -q switch.
   Thanks to Gena M..

*) Bugfix: worker processes may got caught in an endless loop during
   reconfiguration, if a caching was used; the bug had appeared in
   0.8.48.

*) Bugfix: in the "gzip_disable" directive.
   Thanks to Derrick Petzold.

*) Bugfix: nginx/Windows could not send stop, quit, reopen, and

reload
signals to a process run in other session.

–
Igor S.
http://sysoev.ru/en/

imixaly4 · September 2, 2010, 5:32pm

Changes with nginx 0.8.50 02 Sep
2010

*) Feature: the “secure_link”, “secure_link_md5”, and
“secure_link_expires” directives of the ngx_http_secure_link_module.

As already in the russian list ppl asked - could you explain the
directives
(some wiki/doc update) or even quick config example.

Anyways thanks for the nice work Igor.

–
rr

imixaly4 · September 2, 2010, 5:53pm

On Thu, Sep 02, 2010 at 06:31:32PM +0300, Reinis R. wrote:

Changes with nginx 0.8.50 02 Sep
2010

*) Feature: the “secure_link”, “secure_link_md5”, and
“secure_link_expires” directives of the ngx_http_secure_link_module.

As already in the russian list ppl asked - could you explain the directives
(some wiki/doc update) or even quick config example.

These directive add a new mode of the module operation.
Here is configuration example:

    location /p/ {
        location ~ ^/p/(?<secure>[\w\-=]+,\d+)(?<file>/.+)$ {

            secure_link          $secure;
            secure_link_md5

$secure_link_expires.$file.PASSWORD;
secure_link_expires on;

            if ($secure_link = "") {
                return 403;
            }

            if ($secure_link == 0) {
                return 410;
            }

            alias  /path/to$file;
        }

        return 404;

        error_page  403       /forbidden.html;
        error_page  404       /not_found.html;
        error_page  410  =403 /link_expired.html;
    }

The “secure_link” directive specifies how to get hash and optional
expiration time. The hash is md5 hash encoded in base64 for URIs
(i.e., where “+” and “/” are changed to “-” and “_”). The optional time
goes after “,”.
You can set hash in a URI, in a query string ($arg_secure), or in a
cookie
($cookie_secure).

The “secure_link_expires” directive specifies should the module test
the expiration time. You may add the time in URI, etc., but may not test
it.
The $secure_link_expires variable has the time value exctracted by
“secure_link” directive.

The “secure_link_md5” directive specifies string for md5 hash.

The $secure_link variable has the following values:

“” - no valid link
“0” - expired link
“1” - valid link

–
Igor S.
http://sysoev.ru/en/

imixaly4 · September 2, 2010, 8:39pm

On Thu, Sep 02, 2010 at 07:52:26PM +0400, Igor S. wrote:

            if ($secure_link = "") {
        return 404;
You can set hash in a URI, in a query string ($arg_secure), or in a cookie

“” - no valid link
“0” - expired link
“1” - valid link

Now I see that the “secure_link_expires” directive is surplus here:
if we want to test expiration time, we can do using “if ($secure_link =
0)”.
So I will remove it in the next release.

–
Igor S.
http://sysoev.ru/en/

imixaly4 · September 3, 2010, 3:17am

the same problem as nginx 0.8.45-0.8.49 segfault bug

Posted at Nginx Forum:

imixaly4 · September 8, 2010, 3:43pm

chids Wrote:

What am I missing?

What I was missing was of course the ability to combined the
information:

The hash is md5 hash encoded in base64 for URIs (i.e., where “+” and
“/” are changed to “-” and “_”)

In combination with my location regex which didn’t match on “-” and “_”

Sorry for not paying proper attention to what was already explained.

regards
MÃ¥rten

Posted at Nginx Forum:

imixaly4 · September 8, 2010, 2:30pm

Igor S. Wrote:

Changes with nginx 0.8.50
02 Sep 2010
*) Feature: the "secure_link",
“secure_link_md5”, and
“secure_link_expires” directives of the
ngx_http_secure_link_module.

Hello!

While this is a very welcome enhancement to this module I’m having a
hard time figuring out its correct usage. It appears (to me) that
there’s a limitation (bug?) in the base64 decoding.

As a simple test case I use:

location ~ ^/a/(?[0-9a-zA-Z+/=]+) {
secure_link_md5 “a”;
secure_link “$key”;
if ($secure_link = “”) {
return 501;
}
if ($secure_link != “”) {
return 502;
}
}

A request to http://127.0.01:8182/a/DMF1ucDxtqgxw5niaXcmYQ== then
returns 502 as expected.

However if I change from:
secure_link_md5 “a”;
to:
secure_link_md5 “b”;
and place a request to http://127.0.01:8182/a/kutf/uauL+w61xx3dTFXjw==
I receive a 501. I immediately thought is was the / in the base64
encoded data that caused this and tried to URL encode the base64 string
but it doesn’t seem to work. I also tried using the “URL applications”
variant of Base 64 without any success.

What am I missing?

regards
MÃ¥rten Gustafson

Posted at Nginx Forum: