protects files with a time limited code

protect files with a time limited code URL path prefix to protect; default "/" where the secret files are stored on disk shared secret used to create and verify urls. how long a generated url is valid in seconds (maximum allowed time difference); default is 60 "/docroot"@, see "@alias@":plugin_core.html#plugin_core__action_alias). secdownload doesn't actually handle the (valid) request, it just provides the mapping to a filename (and rejects invalid requests). ]]> "/sec/", "document-root" => "/secret/path", "secret" => "abc", "timeout" => 600 ]; ]]>

$secret = "abc"; $uri_prefix = "/sec/"; # filename; please note file name starts with "/" $f = "/secret-file.txt"; # current timestamp $t = time(); $t_hex = sprintf("%08x", $t); $m = md5($secret.$f.$t_hex); # generate link printf('%s', $uri_prefix, $m, $t_hex, $f, $f); The config example above would map this url to the file @/secret/path/secret-file.txt@. For more examples see "mod_secdownload (lighttpd 1.4.x)":https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSecDownload#Examples ]]>