[ASK] Restrict direct link file access

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

[ASK] Restrict direct link file access

antituhan
Hi, Could nginx restrict direct link access / hotlink access to specified file/extension ?
I try to write the rules like this :
 location ~ ^/*(\.exe)$ {
        deny   ip.ad.dr.es;
    }
But nothing happen, the files still can be downloaded by denied ip address.
Somebody help me please :)
[daemon@antituhan.com ~]#
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

Edho P Arief
On Fri, Aug 13, 2010 at 3:44 AM, antituhan <[hidden email]> wrote:

> Hi, Could nginx restrict direct link access / hotlink access to specified
> file/extension ?
> I try to write the rules like this :
>
>  location ~ ^/*(\.exe)$ {
>         deny   ip.ad.dr.es;
>     }
>
> But nothing happen, the files still can be downloaded by denied ip address.
> Somebody help me please :)

at least, you forgot a dot.

  location ~ ^/.*(\.exe)$ {
         deny   ip.ad.dr.es;
     }

(note that I'm not too familiar with deny directive)

--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

_______________________________________________
nginx mailing list
[hidden email]
http://nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

antituhan
I've added a dot in front of *, like this :
  location ~ ^/.*(\.exe)$ {
         deny   ip.ad.dr.es;
     } 
And still not working :(
[daemon@antituhan.com ~]#
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

Cliff Wells
In reply to this post by antituhan
On Thu, 2010-08-12 at 13:44 -0700, antituhan wrote:
> Hi, Could nginx restrict direct link access / hotlink access to
> specified file/extension ?
> I try to write the rules like this :
> location ~ ^/*(\.exe)$ {
>         deny   ip.ad.dr.es;
>     }

location ~ \.exe$ {
  deny ip.ad.dr.es;
}

Cliff
--


_______________________________________________
nginx mailing list
[hidden email]
http://nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

antituhan
Thanks, but this rules will show 404 not found on my site :(
Unlisted IP (allowed IP) will be redirected to 404 not found page.
[daemon@antituhan.com ~]#
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

antituhan
In reply to this post by antituhan
May be, this example of URL can explain more .... http://www.mydomain.com/e107_files/downloads/OS/81xx/8100_PBr4.5.0_rel174_PL2.7.0.92_A4.5.0.124.exe (for .exe files) http://www.mydomain.com/e107_files/downloads/DM/600_b042_multilanguage.exe (the same .exe files but in different directory) Thanks antituhan
[daemon@antituhan.com ~]#
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

Cliff Wells
In reply to this post by antituhan
On Mon, 2010-08-16 at 10:27 -0700, antituhan wrote:
> Thanks, but this rules will show 404 not found on my site :(
> Unlisted IP (allowed IP) will be redirected to 404 not found page.

You need to have a root directive.  Either put one in the server section
(generally preferred) or if your .exe's are in a particular place, you
can put it in the location directive.

If that doesn't fix it then you will need to post your config so someone
can help you debug it.

Cliff

--


_______________________________________________
nginx mailing list
[hidden email]
http://nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

vedranf
In reply to this post by antituhan
You should look into x-file-redirect. That way you can have a backend
script handle the authentication and then let Nginx handle the streaming
part if the user is allowed to download .

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,119550,120491#msg-120491


_______________________________________________
nginx mailing list
[hidden email]
http://nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

antituhan
In reply to this post by Cliff Wells
If I put the deny rules on a root directive, the rule will blocked all access. But I just want to block the specified extension. :( I've tried many regular expression, but I can't find the right one :(
[daemon@antituhan.com ~]#
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

Cliff Wells
On Tue, 2010-08-17 at 17:38 -0700, antituhan wrote:
> If I put the deny rules on a root directive, the rule will blocked all
> access.

Not a root location, a root *directive*:

http://wiki.nginx.org/NginxHttpCoreModule#root

Since you now get 404's for authorized clients, then it appears you are
not properly setting your root for this location.


> But I just want to block the specified extension. :( I've tried many
> regular expression, but I can't find the right one :(



--


_______________________________________________
nginx mailing list
[hidden email]
http://nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

Igor Sysoev-2
In reply to this post by antituhan
On Tue, Aug 17, 2010 at 05:38:55PM -0700, antituhan wrote:

> If I put the deny rules on a root directive, the rule will blocked all
> access. But I just want to block the specified extension. :( I've tried many
> regular expression, but I can't find the right one :(

What is in error_log ?


--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx mailing list
[hidden email]
http://nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: [ASK] Restrict direct link file access

antituhan
This is the error_log from my nginx :
2010/08/19 10:15:24 [error] 10941#0: *56 open() "/usr/share/nginx/html/e107_files/downloads/OS/89xx/OFFICIAL_8900M_PBr5.0.0_rel1004_PL5.2.0.58_A5.0.0.592_Wind_Hellas.exe" failed (2: No such file or directory), client: ip.ad.dr.es, server: antituhan.com, request: "GET /e107_files/downloads/OS/89xx/OFFICIAL_8900M_PBr5.0.0_rel1004_PL5.2.0.58_A5.0.0.592_Wind_Hellas.exe HTTP/1.1", host: "antituhan.com"
I know why nginx shows 404's error code, the root path is changed from
/var/www/antituhan/
to
/usr/share/nginx/html/
And this is the latest configuration :
    location ~ ^/.*(\.exe|\.rar)$ {
        root   /path/to/dir/;
        deny   ip.ad.dr.es/19;
        allow  all;
    }
And, it's works :) Thanks Igor for remind me to read the error_log ^^v Thanks all, case solved :)
[daemon@antituhan.com ~]#