NGINX protect URL

Question

i have multible Domains on my awstats Server. Now i want to protect the URL for other customers.

The real url = host/awstasts.pl?config=DOMAIN

How can i Protect them? I was trying with spezial Header/config set but this dont solve my problem that customers can guess the other Domains.

i tries something like that.

location /DOMAIN {
   set config-domain DOMAIN;
   add_header config_domain DOMAIN;
   return 301 host/awstats.pl?config=DOMAIN;
}

location /awstats.pl {
   if ($http_CONFIG-domain != "") { return 403; }
   if ($confi-domain != "") { return 403; }
fastcgi stuff

BASIC Authenfication is maybe a solution but there is a needed for each DOMAIN

can someone help me?

//edit Debian 10 nginx/1.14.2 without secure_link

score 0 · Answer 1 · answered Jun 30 '20 at 15:45

Solved by testing.

location /domain-a
  {
    add_header Set-Cookie config=domain-a ;
    return 301 http://$host/awstats.pl?config=domain-a;
  }

location /domain-b
  {
    add_header Set-Cookie config=domain-b ;
    return 301 http://$host/awstats.pl?config=domain-b;
  }


  location /awstats.pl.
    {
      if ($cookie_config != $arg_config) { return 403; }

     //FASTcgi sTUFF


    }

NGINX protect URL

1 Answers1