Welcome! Log In Create A New Profile

Re: Nginx Valid Referer - Access Control - Help Wanted

Forum List Message List New Topic Print View

AshleyinSpain

February 19, 2020 06:30PM

Registered: 4 years ago
Posts: 3

Francis Daly Wrote:
-------------------------------------------------------
> On Thu, Feb 06, 2020 at 06:02:50PM -0500, AshleyinSpain wrote:
>
> Hi there,
>
> > > > server {
> > > > location /radio/ {
> > > > valid_referers none blocked server_names ~\.mysite\.;
> > > > if ($invalid_referer) { return 403; }
> > > > }
> > > > }
>
> > I deleted the 'none' and 'blocked' and no difference still not
> blocking
> > direct access to the URL
> >
> > Tried adding it in its own block and adding it to the end of an
> existing
> > block neither worked
> >
> > Is the location /radio/ part ok
> >
> > I am trying to block direct access to any URL with a directory
> /radio/
> >
> > The URLs look like sub.domain.tld/radio/1234/mytrack.mp3?45678901
>
> In nginx, one request is handled in one location.
>
> If /radio/ is the location that you configured to handle this request,
> then the config should apply.
>
> If you have, for example, "location ~ mp3", then *that* would probably
> be the location that is configured to handle this request (and so that
> is where this "return 403;" should be.
>
> You could try changing the line to be "location ^~ /radio/ {", but
> without knowing your full config, it is hard to know if that will fix
> things or break them.
>
> http://nginx.org/r/location
>
> > I need it so the URL is only served if a link on *.mysite.* is
> clicked ie
> > the track is only played through an html5 audio player on mysite
>
> That is not a thing that can be done reliably.
>
> If "unreliable" is good enough for you, then carry on. Otherwise, come
> up with a new requirement that can be done.
>
> Cheers,
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Hi Francis

I've added further comments here, it's getting a bit messy above

I added, as you suggested, the ^~ to /radio/ and it now blocks it redirecting to where I put in the invalid_referer bit

The valid_referer part doesn't work though,

valid_referers server_names
*.mysite.com mysite.com dev.mysite.* can.mysite.* can.mysite.com/dashboard
~\.mysite\.;

it doesn't recognise the parameters or urls

I copied the examples in the docs and I have tried loads of variations taken from various suggestions etc online

When you say above - That is not a thing that can be done reliably is that because the headers can be 'forged' or it just doesn't work properly

I am only trying to stop casual copy stream url and paste it into browser to listen for free - I realise any determined person can get around it, but not trying to stop that with this - ultimately I will have to add more robust controls with JS and passwords but that will be later on down the line

Do you need me to copy the entire nginx config here

Thanks for your help

Ashley

Reply Quote

RSS

Subject	Author	Posted
Nginx Valid Referer - Access Control - Help Wanted	AshleyinSpain	February 05, 2020 02:43PM
Re: Nginx Valid Referer - Access Control - Help Wanted	J.R.	February 05, 2020 04:42PM
Re: Nginx Valid Referer - Access Control - Help Wanted	AshleyinSpain	February 06, 2020 06:02PM
Re: Nginx Valid Referer - Access Control - Help Wanted	Francis Daly	February 06, 2020 07:10PM
Re: Nginx Valid Referer - Access Control - Help Wanted	AshleyinSpain	February 19, 2020 06:30PM
Re: Nginx Valid Referer - Access Control - Help Wanted	Francis Daly	February 20, 2020 09:22AM
Re: Nginx Valid Referer - Access Control - Help Wanted	gariac	February 07, 2020 07:10AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 283

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018