Restrict direct link file access

Server NGINX
1

Hi,

Could nginx restrict direct link access / hotlink access to specified
file/extension ?

I try to write the rules like this :

location ~ ^/*(.exe)$ {
deny ip.ad.dr.es;
}

But nothing happen, the files still can be downloaded by denied ip
address.

Somebody help me please :slight_smile:

2

On Fri, Aug 13, 2010 at 3:44 AM, antituhan [email protected] wrote:

Hi, Could nginx restrict direct link access / hotlink access to specified
file/extension ?
I try to write the rules like this :

location ~ ^/*(.exe)$ {
deny ip.ad.dr.es;
}

But nothing happen, the files still can be downloaded by denied ip address.
Somebody help me please :slight_smile:

at least, you forgot a dot.

location ~ ^/.*(.exe)$ {
deny ip.ad.dr.es;
}

(note that I’m not too familiar with deny directive)

–
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

3

I’ve added a dot in front of *, like this :

location ~ ^/.*(.exe)$ {
deny ip.ad.dr.es;
}

And still not working :frowning:

4

Thanks, but this rules will show 404 not found on my site :frowning:
Unlisted IP (allowed IP) will be redirected to 404 not found page.

View this message in context:
http://nginx.2469901.n2.nabble.com/ASK-Restrict-direct-link-file-access-tp5417795p5428735.html
Sent from the nginx mailing list archive at Nabble.com.

5

May be, this example of URL can explain more …

http://www.mydomain.com/e107_files/downloads/OS/81xx/8100_PBr4.5.0_rel174_PL2.7.0.92_A4.5.0.124.exe
(for .exe files)
http://www.mydomain.com/e107_files/downloads/DM/600_b042_multilanguage.exe
(the same .exe files but in different directory)

Thanks
antituhan

6

On Thu, 2010-08-12 at 13:44 -0700, antituhan wrote:

Hi, Could nginx restrict direct link access / hotlink access to
specified file/extension ?
I try to write the rules like this :
location ~ ^/*(.exe)$ {
deny ip.ad.dr.es;
}

location ~ .exe$ {
deny ip.ad.dr.es;
}

Cliff

7

On Mon, 2010-08-16 at 10:27 -0700, antituhan wrote:

Thanks, but this rules will show 404 not found on my site :frowning:
Unlisted IP (allowed IP) will be redirected to 404 not found page.

You need to have a root directive. Either put one in the server section
(generally preferred) or if your .exe’s are in a particular place, you
can put it in the location directive.

If that doesn’t fix it then you will need to post your config so someone
can help you debug it.

Cliff

–

8

You should look into x-file-redirect. That way you can have a backend
script handle the authentication and then let Nginx handle the streaming
part if the user is allowed to download .

Posted at Nginx Forum:

9

If I put the deny rules on a root directive, the rule will blocked all
access. But I just want to block the specified extension. :frowning: I’ve tried
many
regular expression, but I can’t find the right one :frowning:

View this message in context:
http://nginx.2469901.n2.nabble.com/ASK-Restrict-direct-link-file-access-tp5417795p5434627.html
Sent from the nginx mailing list archive at Nabble.com.

10

On Tue, 2010-08-17 at 17:38 -0700, antituhan wrote:

If I put the deny rules on a root directive, the rule will blocked all
access.

Not a root location, a root directive:

http://wiki.nginx.org/NginxHttpCoreModule#root

Since you now get 404’s for authorized clients, then it appears you are
not properly setting your root for this location.

But I just want to block the specified extension. :frowning: I’ve tried many
regular expression, but I can’t find the right one :frowning:

–

11

On Tue, Aug 17, 2010 at 05:38:55PM -0700, antituhan wrote:

If I put the deny rules on a root directive, the rule will blocked all
access. But I just want to block the specified extension. :frowning: I’ve tried many
regular expression, but I can’t find the right one :frowning:

What is in error_log ?

–
Igor S.
http://sysoev.ru/en/

12

This is the error_log from my nginx :
2010/08/19 10:15:24 [error] 10941#0: *56 open()
“/usr/share/nginx/html/e107_files/downloads/OS/89xx/OFFICIAL_8900M_PBr5.0.0_rel1004_PL5.2.0.58_A5.0.0.592_Wind_Hellas.exe”
failed (2: No such file or directory), client: ip.ad.dr.es, server:
antituhan.com, request: “GET
/e107_files/downloads/OS/89xx/OFFICIAL_8900M_PBr5.0.0_rel1004_PL5.2.0.58_A5.0.0.592_Wind_Hellas.exe
HTTP/1.1”, host: “antituhan.com”

I know why nginx shows 404’s error code, the root path is changed from

/var/www/antituhan/

to

/usr/share/nginx/html/

And this is the latest configuration :

location ~ ^/.*(\.exe|\.rar)$ {
    root   /path/to/dir/;
    deny   ip.ad.dr.es/19;
    allow  all;
}

And, it’s works :slight_smile: Thanks Igor for remind me to read the error_log ^^v
Thanks all, case solved :slight_smile: