Limit file downloads to logged in users (WP + Nginx)

I am looking for a way to restrict access to mp3 files on my site to logged in users only.

The approach listed here sounds pretty much like what I need:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . - [R=403,L]

except how would I convert these .htaccess rules to nginx?



A slight variant of this worked better for me:

location /wp-content/uploads/ {
  if ($http_cookie !~ "wordpress_logged_in") {
    return 403;
  }
}

This prevents all direct access to the uploads folder files unless logged in.


You could do it like this:

location ~ \.(mp3|m4a)$ {
  if ($http_cookie !~ "wordpress_logged_in") {
    return 403;
  }
}

If it really matters that it is secured (as opposed to just not being "obviously" accessible by the general public), auth should probably also be checked, since it's quite easy to send the WP login cookie with the HTTP request, regardless of auth status.
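
One way to check auth on the server instead of trusting the cookie's presence, as an added example that is not from the original answers: nginx's auth_request module sends a subrequest for each file request and serves the file only on a 2xx reply. The location name /_wp_auth, the PHP-FPM socket path and the checker script wp-auth-check.php are assumptions; the script is assumed to load WordPress and answer 200 when is_user_logged_in() is true and 403 otherwise.

```nginx
# Added example, not from the original answers.
# Requires nginx built with ngx_http_auth_request_module.

location ~ \.(mp3|m4a)$ {
    # Subrequest to the checker below: 2xx serves the file,
    # 401/403 is returned to the client, anything else becomes a 500.
    auth_request /_wp_auth;

    # Keep shared caches from storing members-only files.
    add_header Cache-Control "private, no-store";
}

location = /_wp_auth {
    internal;    # only reachable as a subrequest, never directly

    # Assumption: PHP-FPM socket path; match your existing PHP location.
    fastcgi_pass unix:/run/php/php-fpm.sock;
    include fastcgi_params;

    # Assumption: hypothetical script that loads wp-load.php and sends
    # 200 if is_user_logged_in(), else 403. WordPress validates the
    # cookie's HMAC and expiry there, so a made-up cookie value fails.
    fastcgi_param SCRIPT_FILENAME $document_root/wp-auth-check.php;

    # The checker needs the request headers (Cookie) only, not a body.
    fastcgi_pass_request_body off;
}
```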
