NginxHttpSecureLinkModule


#1

Hey,

Is there a way where you can re-write and allow the secure link to
function for “/” ? I know the module states that it must not be /
however, there has to be around this or better questions, why must
this only be implemented on a non root path?

Thanks in advance


#2

I just translated this a couple days ago. I wasn’t completely sure
that’s what the Russian documentation meant. You could just try it and
see if it works.

Burke


#3

Sorry, this is assuming, of course, that you’re referring to the
English documentation on wiki.nginx.org. Can anyone confirm my
translation? :stuck_out_tongue:

Thanks,

Burke


#4

On Mon, May 4, 2009 at 3:33 PM, Burke L. removed_email_address@domain.invalid
wrote:

I just translated this a couple days ago. I wasn’t completely sure

function for “/” ? I know the module states that it must not be /

Hey,

Yep, I saw the info on the ENG wiki page…
Thanks,


#5

2009/5/4 Igor S. removed_email_address@domain.invalid:

Burke

On Mon, May 4, 2009 at 7:38 AM, Payam C. removed_email_address@domain.invalid wrote:

Payam Tarverdyan Chychi


Igor S.
http://sysoev.ru/en/

Is there any more information on this module at all? I cant seen to
find much doc on it. I tried it out but it simply re-directs me to a
403… not too sure exactly on where the user gets a chance to injet
the “secret_password” into the request to allow nginx to compare and
allow/dey


#6

On Mon, May 04, 2009 at 05:33:13PM -0500, Burke L. wrote:

Sorry, this is assuming, of course, that you’re referring to the
English documentation on wiki.nginx.org. Can anyone confirm my
translation? :stuck_out_tongue:

Thank you, it seems OK for me.


#7

On Mon, May 04, 2009 at 10:43:24PM -0700, Payam C. wrote:

403… not too sure exactly on where the user gets a chance to injet
the “secret_password” into the request to allow nginx to compare and
allow/dey

No, this module is not intended to enter password. This module is to
ensure that requested link is valid. It may be used in at least in two
cases:

  1. your.site.com/click?=some.other.site.com
  2. your.site.com/proxy/some.other.site.com

Without the module anyone may use

  1. your.site.com/click?=some.bad.site.com
  2. your.site.com/proxy/some.bad.site.com

The module ensure that these links

  1. your.site.com/click/md5-hash/some.other.site.com
  2. your.site.com/proxy/md5-hash/some.other.site.com

are valid ones.