I have an Nginx web server. Currently my web application hosts some private photos which can be accessed openly, and I want to protect them at the Nginx level. Here is my current Nginx configuration:

...
http {
    ...

    server
    {
        listen      80;
        server_name  dash.mydomain.com;

        index index.html index.htm index.php;
        root  /var/www/myproject-dash;

        location ~ [^/]\.php(/|$) {
          fastcgi_pass    127.0.0.1:9000;
          include         fastcgi_params;
          fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
          fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        }

        location / {
            rewrite ^/(.*)$ /index.php?$1 last;
        }

        location ~ .*\.(js|gif|jpg|jpeg|...|woff2)$ {
            expires      12h;
        }
    }
}

It seems I should write a rewrite rule. Because of what these articles said:

https://serverfault.com/questions/332631/how-can-i-protect-files-on-my-nginx-server

How to protect against direct access to images?

I wrote:

location ~*(\.jpg|\.png|\.gif|\.jpeg)$ {
    rewrite ^/upload/(.+)$ /index.php/myImageRoute/$1 last;
}

But somehow this rule does not work. My true need is to make the images accessible through a token mechanism and, by default, to forbid direct access. So I should first forbid direct access with an Nginx rule, and second, write some PHP code to implement the token mechanism. If you have the token, you can see the image; if not, you cannot.

My sample image URL is:

/upload/appter/2015/11/1148_3kijfljl344fa.jpg?params1=value1&params2=value2

So how can I write this Nginx rule correctly to redirect the image's direct URL into my image processing route, with the URL as params?

Phoenix
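One way to get the deny-by-default behaviour the question asks for, as an added example that is not part of the original post: a `^~` prefix location sends every `/upload/` request to `index.php`, and the files are served only from an `internal` location once PHP has checked the token. The `/protected-upload/` prefix and the `image` query key are assumptions, and the extension list is shortened.

```nginx
# Added example, not the asker's configuration.
# Hypothetical names: /protected-upload/ and the "image" query key.
server {
    listen      80;
    server_name dash.mydomain.com;

    index index.html index.htm index.php;
    root  /var/www/myproject-dash;

    # ^~ ends location matching at this prefix, so the static-file regex
    # block below can no longer serve anything under /upload/ directly.
    location ^~ /upload/ {
        # rewrite appends the original query string (token included)
        # after the new arguments, so PHP sees image=...&params1=...
        rewrite ^/upload/(.+)$ /index.php?image=$1 last;
    }

    # Reachable only through an internal redirect. A client requesting
    # /protected-upload/... directly gets 404. PHP (assumed behaviour)
    # validates the token and the requested path, then replies with
    #   X-Accel-Redirect: /protected-upload/<path>
    # or with 403 when the token is missing or invalid.
    location ^~ /protected-upload/ {
        internal;
        alias /var/www/myproject-dash/upload/;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_pass    127.0.0.1:9000;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }

    location / {
        rewrite ^/(.*)$ /index.php?$1 last;
    }

    # Still handles public static assets outside /upload/.
    location ~ .*\.(js|gif|jpg|jpeg|woff2)$ {
        expires 12h;
    }
}
```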