Nginx安全链接模块不适用于php文件，但适用于静态文件 [英] Nginx secure link module not working with php files but working on static files

问题描述

我正在使用 http://nginx.org/en/docs/http/ngx_http_secure_link_module .html Nginx安全链接模块以保护静态文件下载.对于静态文件，它工作正常.

I am using http://nginx.org/en/docs/http/ngx_http_secure_link_module.html Nginx secure link module to secure the static file downloads. It is working fine for static files.

但是当我尝试用php文件实现它时，它不起作用.基本上我是通过ajax请求来使用它的，例如

But when I tried to implement this with php files, its not working. Basically I am using it through ajax request like

http://www.example.com/dev/serve.php?h=hash&t=timestamp

当我在下面进行检查时，尽管它没有哈希和时间戳:

When I checked below, it was working without any restriction although it doesn't have hash and timestamp:

http://www.example.com/dev/serve.php

对于静态文件，它可以正常工作，即访问任何没有哈希和时间戳的图像时，它返回指定的错误请求响应:

And for static files, it work normally i.e. when accessing any image without hash and timestamp its returning the specified bad request response:

http://www.example.com/dev/image.png

服务器配置:

#
# The default server
#

server {
    listen       80;
    server_name  www.example.com;

    location / {
        root   /box;
        index  index.php index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /box;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ~ \.php$ {
        root   /box;
        try_files $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    location /dev/ {
        root   /box;
        secure_link $arg_h,$arg_s;

        secure_link_md5 "secret$uri$secure_link_expires$remote_addr";

        if ($secure_link = "") {
            return 403;
        }

        if ($secure_link = "0") {
            return 410;
        }
    }
}

我的问题:

1. 它不适用于php之类的动态文件吗?
2. 如果适用，那么如何实施?

推荐答案

一段时间后，我找到了解决方法:

After a while I found the solution:

#
# The default server
#

server {
    listen       80;
    server_name  www.example.com;

    location / {
        root   /box;
        index  index.php index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /box;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ~ \.php$ {
        root   /box;

        secure_link $arg_h,$arg_s;

        secure_link_md5 "secret$uri$secure_link_expires$remote_addr";

        if ($secure_link = "") {
            return 403;
        }

        if ($secure_link = "0") {
            return 410;
        }

        try_files $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

}

请注意，该解决方案适用于php文件，只需进行少量修改即可适用于其他文件.

Please note that the solution is for php files, with few modification it will work for other files also.

这篇关于Nginx安全链接模块不适用于php文件，但适用于静态文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！