On Sat, Mar 13, 2021 at 07:56:35AM +1100, Jore wrote: Hi there,
> I have pages served from "embed.domain.com" that I'd only like to be > accessible when they're embedded in files served from "docs.domain.com" > Is it possible to lock down "embed.domain.com" so it can only be accessed > through "docs.domain.com"? If you mean "a http request to the embed.domain.com site must only get a response if the request was made by a user clicking a link on the docs.domain.com site", then that can't be done reliably. That's the nature of http. You could do something like block external access to embed.domain.com altogether, and use nginx to reverse-proxy requests to it behind http://docs.domain.com/embed/, for example. That would mean that all external http requests would go to docs.domain.com; but it still does not mean that a request to docs.domain.com/embed/ came from a user clicking a link somewhere else on docs.domain.com. It may or may not match what you want. Good luck with it, f -- Francis Daly fran...@daoine.org _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
