我正在尝试重写一个安全链接,这是我的 nginx conf:
location /files/ {
deny all;
return 403;
}
# MEMBERS ONLY #####
location /auth/ {
secure_link $arg_h,$arg_e;
secure_link_md5 authkey$uri$arg_e;
if ($secure_link = "") {
return 403;
}
if ($secure_link = "0") {
return 403;
}
rewrite ^/auth/(.*)$ /files/$1 break;
add_header Content-Disposition "attachment; filename=$arg_f";
}
如果我这样放下载链接,它的工作:
http://13.37.13.37/auth/path/to/dir/file.zip?h=sdiouqosid&e=1337&f=the_file.zip
但如果我打印这样的链接,它不会:
http://subdir.mysite.org/auth/path/to/dir/file.zip?h=sdiouqosid&e=1337&f=the_file.zip
请注意:
- subdir.mysite.org 在 DNS 记录中有“A”redir 到 13.37.13.37
- 13.37.13.37 与 mysite.org 不同的服务器
另外:
- http://subdir.mysite.org/path/to/something/somefile.zip效果很好,只有当我使用secure_link时它才会失败(返回403或加载资源失败)。我想这与我的 url_rewrite 有关。关于这种奇怪的行为,我尝试了很多事情但没有成功。
感谢您的帮助
编辑:
下面的完整nginx:
user www-data;
worker_processes 2;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
#server_tokens off;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
limit_conn_zone $binary_remote_addr zone=freeuser:10m;
map $request_uri $request_qs {
default '';
~.*\?(?P<key>.+)$ $key;
}
server {
listen 80;
server_name localhost;
root /var/www;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
add_header Cache-Control public;
}
location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3)$ {
expires 365d;
access_log off;
}
location /file/ {
deny all;
return 403;
}
location /auth/ {
secure_link $arg_h,$arg_e;
secure_link_md5 authkey$uri$arg_e$remote_addr;
if ($secure_link = "") {
return 403;
}
if ($secure_link = "0") {
return 403;
}
rewrite ^/auth/(.*)$ /file/$1 break;
add_header Content-Disposition "attachment; filename=$arg_f";
}
}
}