> The user MUST BE ABLE to download the file from the article pages when > LOGGED. > If the user is NOT LOGGED, he cannot download the file, therefore even > recovering the url, he must receive an error or any other type of block.
It's rather difficult to achieve that only with a webserver (as typically a webserver itself has no idea about users being logged in or out and just to rely on a cookie is possible but rather weak check). While you can use the secure link module (https://nginx.org/en/docs/http/ngx_http_secure_link_module.html ) with expiration a more common way would be to implement the download check in the application itself and use the nginx X-Accel-Redirect feature - https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/ Without knowing what kind of app (php/python/js/perl etc) are you running it's hard to give an exact example but the gist of the idea is to: - place the files outside webroot - configure the path as an internal nginx location - the application then checks if the user has an active session, then sends the X-Accel-Redirect header with the particular file to nginx which sends the file to user. There should be plenty of samples on internet. rr _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
