We are using NginxHttpSecureLinkModule
(http://wiki.nginx.org/NginxHttpSecureLinkModule) to write secure links
for our media hosting, and we added on the TTL module so the links can
expire after X minutes
This has also been tested without this module, and with the latest
stable version (0.7.64) and the latest development version (0.8.32) and
the outcome has been the same.
When using a Secure Link, adding any request variables (?start=20) cause
it to fail and pass to our default 403 page. Without the Secure Links,
request variables work fine and are handled properly by the Location
tags in the config.
I thought that it might have been treating the request string as part of
the filename you’re hashing, so I included it within the has, but the
link also gave a 403 so I don’t believe it is. We’re trying to use it
to play video files through a flash player, which adds extra strings to
the url by default.
You should be able to reproduce it by appending a query string of any
type to any link using this module (secure_link_secret config option).