I am looking for a way to restrict access to mp3 files on my site to logged in users only.
The approach listed here sounds pretty much like what I need:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . - [R=403,L]
except how would I convert these .htaccess rules to nginx?
I am looking for a way to restrict access to mp3 files on my site to logged in users only.
The approach listed here sounds pretty much like what I need:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . - [R=403,L]
except how would I convert these .htaccess rules to nginx?
Share Improve this question edited May 18, 2014 at 5:15 pereyra asked May 18, 2014 at 1:43 pereyrapereyra 4755 silver badges15 bronze badges2 Answers
Reset to default 4You could do it like this:
location ~ \.(mp3|m4a)$ {
if ($http_cookie !~ "wordpress_logged_in") {
return 403;
}
}
If it is really matters that it is secured (as opposed to just not being "obviously" accessible by the general public), auth should probably also be checked since it's quite easy to send the WP login cookie with the HTTP request, regardless of auth status.
a slight variant of this worked better for me
location /wp-content/uploads/ {if ($http_cookie !~ "wordpress_logged_in") {
return 403;
}
}
This prevents all direct access to the uploads folder files unless logged in