How to let only customers download files with wget/curl?
- 
 @Pete-S said in How to let only customers download files with wget/curl?: @stacksofplates said in How to let only customers download files with wget/curl?: @Pete-S said in How to let only customers download files with wget/curl?: have scripts serve the data and what not. Wait are you talking about CGI scripts? Yes, that's a possibility when you are using a webserver, instead of ssh. If you access a file over ssh, AFAIK the file is a static file and it is what it is. If you however access a file over https, you can have a script on the webserver delivering you the file and you can send parameters to it. For instance : wget -o install.sh "https://xyz.com/my_special_install_script.py?os=CentOS7&special=2&customer=2432"You just have a gazilion options when you connect over a webserver. Yeah I thought you were providing files through just a default webserver. So while CGI isn't insecure by itself, you have a ton of work in securing the scripts you create. You might be better off just writing a small API to hand off the info instead of trying to properly secure CGI scripts. Another option is a serverless function leveraging the providers authentication to serve the files up. Here's an example from GCP where you can just check require authentication using their IAM.  
- 
 @stacksofplates said in How to let only customers download files with wget/curl?: @Pete-S said in How to let only customers download files with wget/curl?: @stacksofplates said in How to let only customers download files with wget/curl?: @Pete-S said in How to let only customers download files with wget/curl?: have scripts serve the data and what not. Wait are you talking about CGI scripts? Yes, that's a possibility when you are using a webserver, instead of ssh. If you access a file over ssh, AFAIK the file is a static file and it is what it is. If you however access a file over https, you can have a script on the webserver delivering you the file and you can send parameters to it. For instance : wget -o install.sh "https://xyz.com/my_special_install_script.py?os=CentOS7&special=2&customer=2432"You just have a gazilion options when you connect over a webserver. Yeah I thought you were providing files through just a default webserver. So while CGI isn't insecure by itself, you have a ton of work in securing the scripts you create. You might be better off just writing a small API to hand off the info instead of trying to properly secure CGI scripts. Another option is a serverless function leveraging the providers authentication to serve the files up. Here's an example from GCP where you can just check require authentication using their IAM. Thanks, I had the intention of letting the webserver authenticate and in most cases provide a static file directly or when needed invoke a script that will provide dynamic content. I haven't checked nginx yet but apache can check client SSL certificates easily. 
