I have a frontend application serving at port 8080. There is backend application online office, serving at port 9980.
Now, I want to block download of files. So, application doesn't provide this feature out of the box. We decided to go with nginx to block the download.
http://BACKEND:9980/cool/http://FRONTEND/index.php/apps/richdocuments/wopi/files/148_oc77y9fz750l/download/9V2pPSf82J8QtaHccNXOKeIQDbHTWGRSOMGPPiuw4P8gDyo9SbpszHk5I7tpH9CY?WOPISrc=http://BACKEND/index.php/apps/richdocuments/wopi/files/148_oc77y9fz750l&compat=/ws
Flow is nginx in front listening at port 80 -> proxies the request to frontend at port 8080 -> When user clicks on download it get serves at port 9980
Is there a way I can block the download when I get /download in the URL.
Below is for front end
server {
listen 80;
listen [::]:80;
server_name _;
client_max_body_size 0;
underscores_in_headers on;
location ~ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
proxy_buffering off;
proxy_redirect off;
proxy_max_temp_file_size 0;
proxy_pass http://127.0.0.1:8080;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
Below are all different location block I tried for backend but return no success.
location ^~ /download {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
deny all;
return 403;
}
location ~* /.*download.* {
deny all;
return 403;
}
location ~* /.*download.* {
internal;
proxy_pass http://127.0.0.1:9980;
deny all;
return 403;
}
location ^~ /download {
deny all;
return 403 'blocked';
}
location ~ ^/(c|l)ool {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
deny all;
return 403;
}
