Answer the question
In order to leave comments, you need to log in
How to block direct access to files in a folder via nginx or .htaccess?
There is an uploads folder, files from it are downloaded via the link site.ru/file.php?name=some_file.zip&hash=hgf35hghk23g5hkgh
That is, I check the hash with a script and if it is correct, then using the X-Accel-Redirect header I send the link site.ru/uploads /some_file.zip in nginx and that one already gives it to the user.
Please tell me how to block direct access to the contents of the uploads folder so that the file cannot be downloaded via the direct link site.ru/uploads/some_file.zip
I tried to prescribe in the nginx config
location ^~ /uploads/ {
deny all;
}
Order Deny,Allow
Deny from all
Answer the question
In order to leave comments, you need to log in
You apparently have a script from this directory that pulls the file, so you can’t say?
Deny access to uploads to anyone but your web server.
You need to add internal; , it turned out like this
location ^~ /uploads/ {
internal;
}
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question