Hi,

I am trying to protect files I have on my server with a password. Normally we use the HTTP authentication... But I am trying to do like they do on DropBox. So I though about using the PerlModule (http://wiki.nginx.org/EmbeddedPerlModule) with NGiNX to detect the session (created when a user sign in) and if it's good then you have access to the files if not you don't.

I personally would rather use PHP... If it's possible...

Would this technique work? Is there a better way?

Thanks in advance for any help and tips.



Edited 1 time(s). Last edit at 11/18/2011 01:31PM by jnbdz.

I think handling sessions and authentication/authorization in PHP is better suitable in your case. Once the user has been authenticated via your PHP backend, you can use header "X-Accel-Redirect" (see: http://wiki.nginx.org/XSendfile) and internal locations, to allow access to such locations upon any criteria of your choice, because you do it in PHP. These locations will not be available to the non-authenticated user by default, returning the 404. However, if you set the "X-Accel-Redirect: <your named location>" header from PHP, nginx will receive control after PHP script completion and process this location as if it was a normal location.

Andrejs



Edited 1 time(s). Last edit at 11/19/2011 06:45AM by locojohn.