Welcome! Log In Create A New Profile

Advanced

Re: Prevent direct access to files but allow download from site

March 12, 2020 07:42AM
j94305 Wrote:
-------------------------------------------------------
> 2. You use a session context: whenever a page validly serving a link
> to a certain content is delivered, you set a cookie. Retrievals to
> files require the cookie to be present. No cookie, no access.
>
> Cheers,
> --j.

Hi, the second option seem interesting and relatively "simple" solutions, but I am having some problems.

I put a pdf file in the domain.com/assets/file/test.pdf directory

I created a cookie when a user logs in.
document.cookie = "user_logged = 1";

On Nginx I created this rule:

location ~ ^/assets/file/ {
if ($http_cookie ~* "user_logged") {
allow all;
}
root /path/to/root;
}

I also tried this:

location ~ ^/assets/file/ {
if ($cookie_user_logged = "1") {
allow all;
}
root /path/to/root;
}



But it seems not to work correctly, the user either manages to download from the direct link https://domain.com/assets/file/test.pdf from the browser,
and from the a href tag of the site, or fails from either side.
Subject Author Posted

Prevent direct access to files but allow download from site

MAXMAXarena March 11, 2020 06:36PM

Re: Prevent direct access to files but allow download from site

Ralph Seichter March 11, 2020 06:58PM

Re: Prevent direct access to files but allow download from site

gariac March 11, 2020 08:46PM

Re: Prevent direct access to files but allow download from site

MAXMAXarena March 11, 2020 09:23PM

Re: Prevent direct access to files but allow download from site

gariac March 11, 2020 10:20PM

Re: Prevent direct access to files but allow download from site

MAXMAXarena March 12, 2020 05:49AM

Re: Prevent direct access to files but allow download from site

Ralph Seichter March 11, 2020 10:22PM

Re: Prevent direct access to files but allow download from site

MAXMAXarena March 12, 2020 05:47AM

Re: Prevent direct access to files but allow download from site

j94305 March 11, 2020 10:36PM

Re: Prevent direct access to files but allow download from site

MAXMAXarena March 12, 2020 07:42AM

Re: Prevent direct access to files but allow download from site

j94305 March 12, 2020 06:03PM

Re: Prevent direct access to files but allow download from site

MAXMAXarena March 13, 2020 09:20AM

Re: Prevent direct access to files but allow download from site

lsces April 05, 2020 11:42AM

Re: Prevent direct access to files but allow download from site

J.R. March 12, 2020 12:02PM

Re: Prevent direct access to files but allow download from site

MAXMAXarena March 12, 2020 01:12PM

RE: Prevent direct access to files but allow download from site

Reinis Rozitis March 12, 2020 06:32PM

Re: Prevent direct access to files but allow download from site

Ralph Seichter March 12, 2020 08:18PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 73
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready