Welcome! Log In Create A New Profile

Advanced

Conditional secure_link

Posted by rkoszalka 
Conditional secure_link
June 27, 2017 05:28PM
Hi everyone,

I need to set a new secured location in my nginx. For that I'm using http_secure_link_module.

If the URL contains the correct token I proceed to return the page to the user, and also add a "Set-Cookie" header status=is_authorized. If the token is incorrect I return and 403 status code to the user. Until here everything is working fine.

The thing is: I need this secure_link to be conditional, for example, if the user has the status cookie set as is_authorized the token won't be required to be a part of the url (or the secure_link directive to be disabled).

Is there a way to achieve that?

Here's what I've got so far:

=========================================================

location / {

if ($cookie_STATUS = "IS_AUTHORIZED") {
// if possible cancel secure_link for authorized (with cookie) users.
}

secure_link $arg_token;
secure_link_md5 "MD5_SECRET_PARAMETERS";

set $token $arg_token;

if ($secure_link = "") {
return 403;
}

if ($secure_link = "0") {
return 410;
}

add_header Set-Cookie STATUS=IS_AUTHORIZED;
add_header Set-Cookie TOKEN=$arg_token;

include /usr/local/nginx/conf/rewrite_rules.conf;

proxy_cache confluence_cache;
include /usr/local/nginx/conf/cache.conf;
# include /etc/nginx/shared/google_analytics.conf;

proxy_set_header Authorization "Basic BASE_64_HASH";
proxy_pass PROXY_URL;
}

=================================================

Thank you,
Raphael.
Re: Conditional secure_link
June 28, 2017 05:26PM
I've managed to do that with another variable inside my configuration file.

# if token is invalid nginx set $secure_link as empty string
if ($secure_link = "") {
set $is_allowed 'forbidden';
}

# if expiration time is gone nginx set $secure_link as 0
if ($secure_link = "0") {
set $is_allowed 'gone';
}

# if status cookie is set $is_allowed get 'authorized' as value
if ($cookie_STATUS = "IS_AUTHORIZED") {
set $is_allowed 'authorized';
}

# return 403 if $is_allowed = forbidden
if ($is_allowed = 'forbidden') {
return 403;
}

# return 410 if $is_allowed = gone
if ($is_allowed = 'gone') {
return 410;
}


Then it proceed normally setting proxy, and other things.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 118
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready