阻止直接访问IIS服务器上的文件 [英] Prevent direct access to files on IIS server
问题描述
我有两个服务器,一个用于我的mvc应用程序,另一个用作大型文件(如图像等)的存储,两者都运行在Windows Server 2012 R2上。
I have two servers, one for my mvc application and the other one as a storage for large files like images etc, both running on Windows Server 2012 R2.
如何阻止直接访问存储服务器上的文件?
How can I prevent direct access to the files on storage server?
说,mvc在 IP1 / 和存储上在 IP2 / 上。
say, mvc is on IP1/ and storage is on IP2/.
文件链接如下: IP2 / MediaFiles / 2015/12 / image0001.jpg 。
我需要 GET 来自 IP1 可以访问上面的链接。怎么样?
I need only GET requests from IP1 have access to the link above. How?
更新
$ 1 c $ c> IP1 上的server1需要没有文件共享,因为媒体服务器在 IP2 上,我们不需要在server1的RAM上为每个请求加载文件。 (server1很快就会崩溃!)因此不能使用 HttpHandler !
server1 on IP1 needs to be free of file sharing since media server is on IP2 and we don't need to load files per request on server1's RAM. (server1 will crash soon!) therefore no HttpHandler can be used!
在这个问题我正在寻找通过输入直接地址来防止未经授权的用户访问server2上的文件(在 IP2 上)的方法。
In this question I'm looking for a way to prevent unauthorized users from accessing files on server2 (on IP2) by entering direct address.
推荐答案
好吧,我找到了解决方案!
Alright I found the solution!
解决这些问题需要根据您的需求从不同来源收集一些技巧。我一直在寻找一种方法来防止未经授权的用户访问与主服务器不同的文件服务器上的文件。 (主服务器正在授权用户)
Working on such problems needs some trick gathered from different sources based on your needs. I was looking for a way to prevent unauthorized users from accessing files on file server which is different from your main server. (the main server is authorizing users)
首先,我使用IIS规则阻止了包含敏感文件的 Url模式的所有传入请求。然后我为文件服务器编写了一些代码行来处理使用 IHttpHandler 接口的Http请求,以便1)检查授权规则和2)将确切文件发送给客户端而不将它们转换为字节数组。最后,我使用了此链接以美化链接到文件服务器!这就是所有人;)
First of all, I blocked ALL incoming requests containing the Url pattern of my sensitive files using IIS rules. Then I wrote some lines of code for file server to handle Http requests using IHttpHandler interface in order to 1) check authorization rules and 2) send exact files to clients without converting them to byte array. And lastly, I used This Link to prettify links to file server! That's all folks ;)
现在:
物理链接[已屏蔽] : IP2 / MediaFiles / 2015/12 / image0001.jpg
虚拟链接: IP2 / Please / Find / A / File / By / DB / Id / 1 ---> image0001.jpg
这篇关于阻止直接访问IIS服务器上的文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
