Answer the question
In order to leave comments, you need to log in
D
D
djok21422019-03-15 16:15:27
djok2142, 2019-03-15 16:15:27
How to block direct access to files in a folder via nginx or .htaccess?
There is an uploads folder, files from it are downloaded via the link site.ru/file.php?name=some_file.zip&hash=hgf35hghk23g5hkgh
That is, I check the hash with a script and if it is correct, then using the X-Accel-Redirect header I send the link site.ru/uploads /some_file.zip in nginx and that one already gives it to the user.
Please tell me how to block direct access to the contents of the uploads folder so that the file cannot be downloaded via the direct link site.ru/uploads/some_file.zip
I tried to prescribe in the nginx config
location ^~ /uploads/ {
deny all;
}Direct access is closed, but the link site.ru/file.php?name=some_file.zip&hash=hgf35hghk23g5hkgh makes the file unavailable.
I also tried to place the .htaccess file with the content in the root of the folder
Order Deny,Allow
Deny from allBut it doesn't work.
2 answer(s)
@Mysterion
@djok2142
The internal directive specifies that this area will only be available if nginx internally redirects to the specified directory. Thus, even knowing the direct address of the resource on the server, we will receive 404 in response to our request
This article helped
M
Mysterion, 2019-03-15 @Mysterion
You apparently have a script from this directory that pulls the file, so you can’t say?
Deny access to uploads to anyone but your web server.
D
djok2142, 2019-03-15 @djok2142
You need to add internal; , it turned out like this
location ^~ /uploads/ {
internal;
}The internal directive specifies that this area will only be available if nginx internally redirects to the specified directory. Thus, even knowing the direct address of the resource on the server, we will receive 404 in response to our request
This article helped
Similar questions
M
W
M
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question