Welcome! Log In Create A New Profile

Advanced

Re: Nginx Valid Referer - Access Control - Help Wanted

February 19, 2020 06:30PM
Francis Daly Wrote:
-------------------------------------------------------
> On Thu, Feb 06, 2020 at 06:02:50PM -0500, AshleyinSpain wrote:
>
> Hi there,
>
> > > > server {
> > > > location /radio/ {
> > > > valid_referers none blocked server_names ~\.mysite\.;
> > > > if ($invalid_referer) { return 403; }
> > > > }
> > > > }
>
> > I deleted the 'none' and 'blocked' and no difference still not
> blocking
> > direct access to the URL
> >
> > Tried adding it in its own block and adding it to the end of an
> existing
> > block neither worked
> >
> > Is the location /radio/ part ok
> >
> > I am trying to block direct access to any URL with a directory
> /radio/
> >
> > The URLs look like sub.domain.tld/radio/1234/mytrack.mp3?45678901
>
> In nginx, one request is handled in one location.
>
> If /radio/ is the location that you configured to handle this request,
> then the config should apply.
>
> If you have, for example, "location ~ mp3", then *that* would probably
> be the location that is configured to handle this request (and so that
> is where this "return 403;" should be.
>
> You could try changing the line to be "location ^~ /radio/ {", but
> without knowing your full config, it is hard to know if that will fix
> things or break them.
>
> http://nginx.org/r/location
>
> > I need it so the URL is only served if a link on *.mysite.* is
> clicked ie
> > the track is only played through an html5 audio player on mysite
>
> That is not a thing that can be done reliably.
>
> If "unreliable" is good enough for you, then carry on. Otherwise, come
> up with a new requirement that can be done.
>
> Cheers,
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Hi Francis

I've added further comments here, it's getting a bit messy above

I added, as you suggested, the ^~ to /radio/ and it now blocks it redirecting to where I put in the invalid_referer bit

The valid_referer part doesn't work though,

valid_referers server_names
*.mysite.com mysite.com dev.mysite.* can.mysite.* can.mysite.com/dashboard
~\.mysite\.;

it doesn't recognise the parameters or urls

I copied the examples in the docs and I have tried loads of variations taken from various suggestions etc online

When you say above - That is not a thing that can be done reliably is that because the headers can be 'forged' or it just doesn't work properly

I am only trying to stop casual copy stream url and paste it into browser to listen for free - I realise any determined person can get around it, but not trying to stop that with this - ultimately I will have to add more robust controls with JS and passwords but that will be later on down the line

Do you need me to copy the entire nginx config here

Thanks for your help

Ashley
Subject Author Posted

Nginx Valid Referer - Access Control - Help Wanted

AshleyinSpain February 05, 2020 02:43PM

Re: Nginx Valid Referer - Access Control - Help Wanted

J.R. February 05, 2020 04:42PM

Re: Nginx Valid Referer - Access Control - Help Wanted

AshleyinSpain February 06, 2020 06:02PM

Re: Nginx Valid Referer - Access Control - Help Wanted

Francis Daly February 06, 2020 07:10PM

Re: Nginx Valid Referer - Access Control - Help Wanted

AshleyinSpain February 19, 2020 06:30PM

Re: Nginx Valid Referer - Access Control - Help Wanted

Francis Daly February 20, 2020 09:22AM

Re: Nginx Valid Referer - Access Control - Help Wanted

gariac February 07, 2020 07:10AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 107
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready