1

I wanted to restrict access to our downloads section. If users/bots wants to download file without logging in they will see 403 error. Logic is wonderful but it turned out very ugly code 

location /downloads/ {
 set $banforcookienotset 1;
 if ($cookie_PHPSESSID) {
    set $banforcookienotset 0;
 }
 if ($banforcookienotset = 1){
    return   403;}
}

Is there a better way to do this?

nerkn
  • 195
  • 2
  • 10

1 Answers1

1

Yes, but in my example you still need IF.

https://nginx.ru/en/docs/http/ngx_http_map_module.html

http {
    ...........
    map $cookie_PHPSESSID $ban {
    default '';
    ''  1;
    ...........
    }
    server {
    server_name example.com;
    if($ban) {return 403;}
        location / {
        ..........
        }
    .........
    }
}
Alexander Makarenko
  • 615
  • 4
  • 10