Igor Sysoev Wrote:
-------------------------------------------------------
> Changes with nginx 0.8.50
> 02 Sep 2010
>
> *) Feature: the "secure_link",
> "secure_link_md5", and
> "secure_link_expires" directives of the
> ngx_http_secure_link_module.

Hello!

While this is a very welcome enhancement to this module I'm having a hard time figuring out its correct usage. It appears (to me) that there's a limitation (bug?) in the base64 decoding.

As a simple test case I use:

location ~ ^/a/(?<key>[0-9a-zA-Z\+/=]+) {
secure_link_md5 "a";
secure_link "$key";
if ($secure_link = "") {
return 501;
}
if ($secure_link != "") {
return 502;
}
}

A request to http://127.0.01:8182/a/DMF1ucDxtqgxw5niaXcmYQ== then returns 502 as expected.

However if I change from:
secure_link_md5 "a";
to:
secure_link_md5 "b";
and place a request to http://127.0.01:8182/a/kutf/uauL+w61xx3dTFXjw==
I receive a 501. I immediately thought is was the / in the base64 encoded data that caused this and tried to URL encode the base64 string but it doesn't seem to work. I also tried using the "URL applications" variant of Base 64 without any success.

What am I missing?



regards
Mårten Gustafson