Welcome! Log In Create A New Profile

Advanced

Authenticate from invalid referers? possible?

Posted by uri_ba 
Authenticate from invalid referers? possible?
October 28, 2009 01:38PM
Hi folks,
I'm trying to set up a simple concept.
I have set up a server listening on a sub-domain. say download.blah.com. set up like this:
[code]
location / {
root /var/www/site/download;
autoindex on;
auth_basic "no!";
auth_basic_user_file /var/www/passwd/.htpasswd;

}
[/code]

every request is being asked for authentication.

I would like to be able to link from another site and those requests would not be authenticated.
logically the setup should look something like this:

[code]
location / {
root /var/www/site/download;
autoindex on;
valid_referers gooddomain.com;
if ($invalid_referer) {
auth_basic "no!";
auth_basic_user_file /var/www/passwd/.htpasswd;
}
}
[/code]

But Nginx does not accept auth_basic commands in "if"

so I can try and reverse it. but I can't use ! or =0 on the $invalid_referer inside the if condition.
so this, doesn't work either
[code]
location / {
root /var/www/site/download;
autoindex on;
valid_referers gooddomain.com;
if (!$invalid_referer) {
break;
}
auth_basic "no!";
auth_basic_user_file /var/www/passwd/.htpasswd;
}
[/code]

I'm using Nginx 8.20 (on linux as the paths might indicate)

Any ideas?

10x,
Uri
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 75
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready