Skip to main content

Generate secure download urls with lighttp

with mod_secdownload, lighttp can generate secure download urls for a given time period.
Generated url's format is <uri-prefix>/<token>/<timestamp-in-hex>/<rel-path> and looks like
"videos1.testing.com/vd1/2c2456cb1fa665644938b59950ba8ea5/4ef09a53/somevideo.mpeg"
<token> is an MD5 of
1. a secret string (user supplied
2. <rel-path> (starts with /)
3. <timestamp-in-hex>
There are some options for mod_secdownload for each virtualhost:
secdownload.secret = <string>
secdownload.document-root = <string> (default: /)
secdownload.timeout = <short>
secdownload.uri-prefix = <string> (default: 60 seconds)
an example of lighttpd.conf as:
server.document-root = "/webroot/"
server.port = 80
server.username = "lighttpd"
server.groupname = "lighttpd"

## modules to load
# at least mod_access and mod_accesslog should be loaded
# all other module should only be loaded if really neccesary
# - saves some time
# - saves memory
server.modules              = (
#                               "mod_rewrite",
#                               "mod_redirect",
#                               "mod_cml",
#                               "mod_trigger_b4_dl",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_setenv",
#                               "mod_fastcgi",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                               "mod_compress",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_rrdtool"
                                "mod_alias",
                                "mod_access",
                                "mod_accesslog",
                                "mod_secdownload" )

mimetype.assign = (
  ".html"       =>      "text/html",
  ".txt"        =>      "text/plain",
  ".gif"          =>      "image/gif",
  ".jpg"        =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"        =>      "image/png",
  ".mp3"          =>      "audio/mpeg",
  ".wma"          =>      "audio/x-ms-wma",
  ".wav"          =>      "audio/x-wav",
  ".mpg"        =>      "video/mpeg",
  ".mp4"        =>      "video/mpeg",
  ".mpeg"       =>      "video/mpeg",
  ".m2p"        =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".3gp"          =>      "video/3gpp",
  ""            =>      "application/octet-stream"
)

static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
index-file.names               = ( "index.html" )
accesslog.filename             = "/var/log/lighttpd/access.log"

$HTTP["host"] =~ "videos1\.testing\.com" {
  server.document-root        = "/webroot/"
  server.errorlog             = "/var/log/lighttpd/videos1.log"

  secdownload.secret          = "secret1"
  secdownload.document-root   = "/webroot/videos1/"
  secdownload.uri-prefix      = "/vd1/"
  secdownload.timeout         = 300
}

$HTTP["host"] =~ "videos2\.testing\.com" {
  server.document-root        = "/webroot/"
  server.errorlog             = "/var/log/lighttpd/videos2.log"

  secdownload.secret          = "secret2"
  secdownload.document-root   = "/webroot/videos2/"
  secdownload.uri-prefix      = "/vd2/"
  secdownload.timeout         = 300
}

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd/error.log"

## send a different Server: header
## be nice and keep it at lighttpd
server.tag                 = "VIDEOS"

For your application to ganerate same url with lighttp, you can use this php:
<?php
$secret = "secret1";
$uri_prefix = "/vd1/";

$f = "/somevideo.mpeg";

$t = time();
$t_hex = sprintf("%08x", $t);
$m = md5($secret.$f.$t_hex);

printf('http://videos1.testing.com'.$uri_prefix.$m.'/'.$t_hex.$f);
?>

Comments

Popular posts from this blog