$secure_link

The $secure_link variable is used to validate a secure link to a resource based on a hashed token. — NGINX Core (HTTP)

Description

The $secure_link variable is used in NGINX to manage and validate secure links to resources, such as files or data, so that access is restricted to authorized users based on tokens. When a secure link is generated, it is typically hashed using parameters including the document root, the URI, and an expiration timestamp, among others. The variable thus contains the value of this hashed link that clients use to authenticate and gain access to the protected resource.

The variable is set under certain conditions, in particular when the secure_link module is enabled and a `secure_link` directive is configured in an http, server, or location context. It validates requests by comparing the provided token with the expected secured link, ensuring that links are both time-limited (valid only for a certain duration) and unique to each client. Common values for this variable typically reflect the hash generated from the configuration of the secure link directives.

In practice, this helps prevent unauthorized access to sensitive files, which makes it useful for applications that require content protection, such as private media files or software downloads. For this to work reliably, the generation of tokens needs careful management, and so do their expiration and deactivation policies.

Config Example

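location /protected_file {
    # Token and expiry timestamp are taken from the st and e query arguments
    secure_link $arg_st,$arg_e;
    # Expression the token is checked against ("your_secret" is a placeholder).
    # secure_link_secret belongs to the module's other mode and cannot be
    # combined with secure_link, so secure_link_md5 is used here.
    secure_link_md5 "$secure_link_expires$uri your_secret";

    # Validate secure link: empty means the token is missing or does not match
    if ($secure_link = "") {
        return 403; # deny access
    }

    # "0" means the token matches but the link has expired
    if ($secure_link = "0") {
        return 410;
    }

    # Allow access if validation passes ($secure_link is "1")
    root /path/to/your/files;
    add_header Content-Disposition "attachment; filename=protected_file";
}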

Subsystem

http

Cacheable

Yes

Contexts

http, server, location, if

Ensure that the secure link secret is kept confidential; exposing it can compromise security.

Tokens must be generated correctly; passing incorrect parameters will result in invalid secure links.

Always define expiration times to prevent indefinite access through outdated tokens.
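
The following is an added example, not code from NGINX or from this page: a Python sketch of the application side, generating links for a location that uses `secure_link $arg_st,$arg_e;` with the assumed expression `secure_link_md5 "$secure_link_expires$uri your_secret";`, and mirroring the module's result states for expiring links. The function names, the `st`/`e` layout and `your_secret` are placeholders.

```python
import base64
import hashlib
import hmac
import time

# Placeholder secret; must match the word in the assumed secure_link_md5 expression.
SECRET = "your_secret"


def make_token(uri, expires, secret=SECRET):
    """base64url(MD5("<expires><uri> <secret>")) with '=' padding removed.

    uri is the path without the query string, as nginx sees it in $uri.
    """
    digest = hashlib.md5(f"{expires}{uri} {secret}".encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def signed_url(uri, ttl, now=None):
    """Build a link that stops validating ttl seconds after now."""
    expires = (int(time.time()) if now is None else now) + ttl
    return f"{uri}?st={make_token(uri, expires)}&e={expires}"


def check(uri, st, e, now, secret=SECRET):
    """Mirror $secure_link for expiring links: "" mismatch, "0" expired, "1" valid."""
    if not (e.isascii() and e.isdigit()) or int(e) <= 0:
        return ""
    expected = make_token(uri, int(e), secret)
    # Constant-time comparison for the application-side check.
    if not hmac.compare_digest(st.encode(), expected.encode()):
        return ""
    return "0" if int(e) < now else "1"


if __name__ == "__main__":
    now = 1700000000  # constructed timestamp
    url = signed_url("/protected_file", 300, now)
    print(url)
    st, e = url.split("?st=")[1].split("&e=")
    print(repr(check("/protected_file", st, e, now)))        # within lifetime
    print(repr(check("/protected_file", st, e, now + 301)))  # past expiry
    print(repr(check("/other_file", st, e, now)))            # token bound to URI
```

Because the expiry timestamp and the URI are both part of the hashed string, changing either one in the request invalidates the token rather than extending or redirecting access.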