I hope that someone can help me here as I have very limited knowledge about server related stuff.
I have a WordPress site where I want to limit the /wp-content/uploads/ directory access to logged in users only. For this I have used the workaround as specified in the following link on an nginx server:
https://wordpress.stackexchange.com/questions/37144/how-to-protect-uploads-if-user-is-not-logged-in
And this solution works fine. However, there is a problem.
I have some pdfs embedded via google doc embed on certain pages. The google doc embed uses to load the PDFs as follows:
<iframe src="//docs.google.com/viewer?url=https://link-to-file.pdf&hl=en_US&embedded=true" class="" style="width:100%; height:500px; border: none;" scrolling="no"></iframe>
My nginx rule is as follows:
location ~* /(?:uploads)/* {
rewrite /wp-content/uploads/(.*)$ /dl-file.php?file=$1;
}
How can I exclude above iframe or //docs.google.com url from this rule?
Any help would be highly appreciated.
Thanks
Bakar
You can use referrers (http://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers)
Than you can just use $invalid_referer variable in your location block.