Hi everyone,
I need to set a new secured location in my nginx. For that I'm using http_secure_link_module.
If the URL contains the correct token I proceed to return the page to the user, and also add a "Set-Cookie" header status=is_authorized. If the token is incorrect I return and 403 status code to the user. Until here everything is working fine.
The thing is: I need this secure_link to be conditional, for example, if the user has the status cookie set as is_authorized the token won't be required to be a part of the url (or the secure_link directive to be disabled).
Is there a way to achieve that?
Here's what I've got so far:
=========================================================
location / {
if ($cookie_STATUS = "IS_AUTHORIZED") {
// if possible cancel secure_link for authorized (with cookie) users.
}
secure_link $arg_token;
secure_link_md5 "MD5_SECRET_PARAMETERS";
set $token $arg_token;
if ($secure_link = "") {
return 403;
}
if ($secure_link = "0") {
return 410;
}
add_header Set-Cookie STATUS=IS_AUTHORIZED;
add_header Set-Cookie TOKEN=$arg_token;
include /usr/local/nginx/conf/rewrite_rules.conf;
proxy_cache confluence_cache;
include /usr/local/nginx/conf/cache.conf;
# include /etc/nginx/shared/google_analytics.conf;
proxy_set_header Authorization "Basic BASE_64_HASH";
proxy_pass PROXY_URL;
}
=================================================
Thank you,
Raphael.
I need to set a new secured location in my nginx. For that I'm using http_secure_link_module.
If the URL contains the correct token I proceed to return the page to the user, and also add a "Set-Cookie" header status=is_authorized. If the token is incorrect I return and 403 status code to the user. Until here everything is working fine.
The thing is: I need this secure_link to be conditional, for example, if the user has the status cookie set as is_authorized the token won't be required to be a part of the url (or the secure_link directive to be disabled).
Is there a way to achieve that?
Here's what I've got so far:
=========================================================
location / {
if ($cookie_STATUS = "IS_AUTHORIZED") {
// if possible cancel secure_link for authorized (with cookie) users.
}
secure_link $arg_token;
secure_link_md5 "MD5_SECRET_PARAMETERS";
set $token $arg_token;
if ($secure_link = "") {
return 403;
}
if ($secure_link = "0") {
return 410;
}
add_header Set-Cookie STATUS=IS_AUTHORIZED;
add_header Set-Cookie TOKEN=$arg_token;
include /usr/local/nginx/conf/rewrite_rules.conf;
proxy_cache confluence_cache;
include /usr/local/nginx/conf/cache.conf;
# include /etc/nginx/shared/google_analytics.conf;
proxy_set_header Authorization "Basic BASE_64_HASH";
proxy_pass PROXY_URL;
}
=================================================
Thank you,
Raphael.