Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx - not only Apache - solution

admin管理员组

文章数量:1316408

Talking about this well known solution:

Github

Original discussion

I'm looking for a straightforward way working also on a Nginx installed WP and not only on Apache ones.

Is there any other code-based approach you would recommend, that works fine on any server environment?

So far, after testing various plugins from the official repository on a Nginx installed WP website, I also discovered that a bunch of them just fail when the web server is not accepting htaccess rules.

In my opinion, the best would be using the same approach for both:

setting a htaccess / nginx web server rule controlling any file request made toward a specific /uploads subfolder. The rule I found working well on my Apache based WP is the following:

RewriteCond %{REQUEST_URI} ^.*wp-content/uploads/restricted/.*
RewriteRule ^wp-content/uploads/(restricted/.*)$ dl.php?file=$1 [QSA,L]

I found - almost - the same rule for a Nginx environment, but despite my tests I'm still not able to make it work on a subfolder, so the following is just for the whole /uploads folder, not recommended:

location ~* /(?:uploads|files)/* {
rewrite /wp-content/uploads/(.*)$ /dl.php?file=$1;

}

Furthermore, as long as many clients of mines have their installations on a shared hosting, asking the provider to set a nginx rule for a single website is a lost cause most of the times.

Talking about this well known solution:

Github

Original discussion

I'm looking for a straightforward way working also on a Nginx installed WP and not only on Apache ones.

Is there any other code-based approach you would recommend, that works fine on any server environment?

So far, after testing various plugins from the official repository on a Nginx installed WP website, I also discovered that a bunch of them just fail when the web server is not accepting htaccess rules.

In my opinion, the best would be using the same approach for both:

setting a htaccess / nginx web server rule controlling any file request made toward a specific /uploads subfolder. The rule I found working well on my Apache based WP is the following:

RewriteCond %{REQUEST_URI} ^.*wp-content/uploads/restricted/.*
RewriteRule ^wp-content/uploads/(restricted/.*)$ dl.php?file=$1 [QSA,L]

I found - almost - the same rule for a Nginx environment, but despite my tests I'm still not able to make it work on a subfolder, so the following is just for the whole /uploads folder, not recommended:

location ~* /(?:uploads|files)/* {
rewrite /wp-content/uploads/(.*)$ /dl.php?file=$1;

}

Furthermore, as long as many clients of mines have their installations on a shared hosting, asking the provider to set a nginx rule for a single website is a lost cause most of the times.

• htaccess
• apache
• nginx
• content-restriction

Share Improve this question edited Nov 10, 2020 at 11:40 PatrizioRD asked Nov 10, 2020 at 10:41 PatrizioRDPatrizioRD 1144 bronze badges 2

• Plugin recommendations are off topic here. You might be able to recover this question by editing it to remove the references to purchases and plugins then voting to reopen. If you're looking for a recommendation though you will need to go elsewhere – Tom J Nowell ♦ Commented Nov 10, 2020 at 11:28
• Plugin recommendetions and purchase removed @TomJNowell – PatrizioRD Commented Nov 10, 2020 at 12:14

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

The nginx equivalent of

RewriteCond %{REQUEST_URI} ^.*wp-content/uploads/restricted/.*
RewriteRule ^wp-content/uploads/(restricted/.*)$ dl.php?file=$1 [QSA,L]

will be the

location ~ ^/wp-content/uploads/(?<file>restricted/.*) {
    rewrite ^ /dl.php?file=$file last;
}

If you want to apply this to several folders under /wp-content/uploads, use

location ~ ^/wp-content/uploads/(?<file>(?:restricted1|restricted2|restricted3)/.*) {
    rewrite ^ /dl.php?file=$file last;
}

I don't think there can be any other solution for nginx but to alter its configuration, after all the fact it has all the rules compiled at the startup instead of checking every single folder for .htaccess on every request is one of the reasons that it so outperforms Apache.

本文标签：