D
D
djok21422019-03-15 16:15:27
Nginx
djok2142, 2019-03-15 16:15:27

How to block direct access to files in a folder via nginx or .htaccess?

There is an uploads folder, files from it are downloaded via the link site.ru/file.php?name=some_file.zip&hash=hgf35hghk23g5hkgh
That is, I check the hash with a script and if it is correct, then using the X-Accel-Redirect header I send the link site.ru/uploads /some_file.zip in nginx and that one already gives it to the user.
Please tell me how to block direct access to the contents of the uploads folder so that the file cannot be downloaded via the direct link site.ru/uploads/some_file.zip
I tried to prescribe in the nginx config

location ^~ /uploads/ {
        deny all;
    }

Direct access is closed, but the link site.ru/file.php?name=some_file.zip&hash=hgf35hghk23g5hkgh makes the file unavailable.
I also tried to place the .htaccess file with the content in the root of the folder
Order Deny,Allow
Deny from all

But it doesn't work.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
M
Mysterion, 2019-03-15
@Mysterion

You apparently have a script from this directory that pulls the file, so you can’t say?
Deny access to uploads to anyone but your web server.

D
djok2142, 2019-03-15
@djok2142

You need to add internal; , it turned out like this

location ^~ /uploads/ {
        internal;
    }

The internal directive specifies that this area will only be available if nginx internally redirects to the specified directory. Thus, even knowing the direct address of the resource on the server, we will receive 404 in response to our request
This article helped

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question