j94305 Wrote:
-------------------------------------------------------
> 2. You use a session context: whenever a page validly serving a link
> to a certain content is delivered, you set a cookie. Retrievals to
> files require the cookie to be present. No cookie, no access.
>
> Cheers,
> --j.
Hi, the second option seems an interesting and relatively "simple" solution, but I am having some problems.
I put a pdf file in the domain.com/assets/file/test.pdf directory
I created a cookie when a user logs in.
document.cookie = "user_logged = 1";
On Nginx I created this rule:
    location ~ ^/assets/file/ {
        if ($http_cookie ~* "user_logged") {
            allow all;
        }
        root /path/to/root;
    }
I also tried this:
    location ~ ^/assets/file/ {
        if ($cookie_user_logged = "1") {
            allow all;
        }
        root /path/to/root;
    }
But it does not seem to work correctly: the user either manages to download both from the direct link https://domain.com/assets/file/test.pdf in the browser and from the a href tag of the site, or fails from both.
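
One way to express the cookie gate described in the quoted suggestion, as an added example that is not code from either poster: a deny flag derived from the cookie and enforced with return 403, followed by a stronger variant that asks the application to validate the session. The /assets/protected/ path, the /_session_check location and the backend address and URL are hypothetical names chosen for illustration.

```nginx
# Added example; not the configuration from the post.
# http{} context. "allow" is an access-module directive and is not valid
# inside "if"; derive a deny flag from the cookie and use "return" instead.
map $cookie_user_logged $deny_assets {
    default 1;    # cookie absent or any other value: deny
    "1"     0;    # user_logged=1: allow
}

server {
    listen 80;
    server_name domain.com;
    root /path/to/root;

    # "^~" stops regex locations (for example a static-file rule matching
    # \.pdf$) from taking over these requests and bypassing the check.
    location ^~ /assets/file/ {
        if ($deny_assets) {
            return 403;
        }
    }

    # Stronger variant on a hypothetical path: the application that issued
    # the session validates the cookie on every file request.
    # Requires ngx_http_auth_request_module.
    location ^~ /assets/protected/ {
        auth_request /_session_check;   # 2xx allows, 401/403 denies
    }

    location = /_session_check {
        internal;                       # not reachable directly by clients
        proxy_pass http://127.0.0.1:8080/session/check;  # hypothetical backend
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }
}
```

A cookie written by page JavaScript with a fixed value can be set by any visitor, so the first location only keeps out requests that carry no cookie at all. The second variant depends on a session cookie issued by the server at login (ideally HttpOnly and Secure) and checked by the application on each request.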