nginx secure download module ngx_http_secure_link_module

The nginx secure download module lets links to server files carry a timestamp and a check code, so that files cannot be downloaded arbitrarily by anyone who knows or guesses the path. nginx's ngx_http_secure_link_module is similar in function to lighttpd's sec_download module, and its configuration is simpler.

First check whether nginx was built with the module
#nginx -V
This prints the configure arguments nginx was built with; check that ngx_http_secure_link_module is included (it appears there as --with-http_secure_link_module)

Configure nginx
#vi /etc/nginx/conf.d/cms.conf
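    location /sec/ {
        root /soft/xlongwei;
        # st carries the hash, e carries the expiry time (Unix seconds)
        secure_link $arg_st,$arg_e;
        # value that is hashed; it must match what the link generator hashes
        secure_link_md5 segredo$uri$arg_e; #segredo is a sample password
        # "" means the hash is missing or does not match
        if ( $secure_link = "" ) {
                return 402;
        }
        # "0" means the hash matches but the link has expired
        if ( $secure_link = "0" ) {
                return 405;
        }
    }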

Use PHP to generate a test secure download link. Since bbs.xlongwei.com already runs Discuz, you can create sec.php directly in the Discuz directory to test
#vi /soft/discuz/sec.php
<?php
$secret = 'segredo'; // shared secret, must match secure_link_md5 in the nginx config
$path   = "/".$_REQUEST["f"]; // ?f=path (test script: it signs whatever path the caller asks for)
$expire = time()+10; // number of seconds the link stays valid; here access is valid for 10 seconds

$md5 = base64_encode(md5($secret . $path . $expire, true)); // Using binary hashing.
$md5 = strtr($md5, '+/', '-_'); // + and / are special characters in URLs, so use the URL-safe base64 alphabet.
$md5 = str_replace('=', '', $md5); // When used in query parameters the base64 padding character is considered special.

$url = "http://cms.xlongwei.com$path?st=$md5&e=$expire"; // The secure download link can also be echoed directly

$arr = array("url"=>$url, "expire"=>date("Y-m-d H:i:s", $expire), "md5"=>$md5);

echo json_encode($arr); // JSON output is also convenient
?>

Test access: http://bbs.xlongwei.com/sec.php?f=sec/test.txt
URL in response content: http://cms.xlongwei.com/sec/test.txt?st=FzMATYtf1urcUE5hKf01Bg&e=1437467381
If the link is accessed after it has expired, nginx returns 405
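
To see how the generated link and the nginx check fit together, the following added example (not part of the original article, and a simplified model, not nginx's own code) signs a path the way sec.php does and then evaluates it the way the /sec/ location does. The function names and the fixed clock value are assumptions made for the illustration.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, unquote, urlsplit

SECRET = "segredo"  # sample secret from the config above

def token(secret, uri, expires):
    """base64url(md5(secret + uri + expires)) without padding, as sec.php builds it."""
    digest = hashlib.md5(f"{secret}{uri}{expires}".encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def sign(uri, now, ttl=10, secret=SECRET):
    """Issue a link for uri that expires ttl seconds after now."""
    expires = int(now) + ttl
    return f"{uri}?st={token(secret, uri, expires)}&e={expires}"

def check(url, now, secret=SECRET):
    """Model of $secure_link: "" = missing/bad hash, "0" = expired, "1" = valid."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    st = query.get("st", [""])[0]
    e = query.get("e", [""])[0]
    if not st or not (e.isascii() and e.isdigit()) or int(e) <= 0:
        return ""  # the config above answers 402
    uri = unquote(parts.path)  # nginx hashes $uri: the decoded path, no query string
    expected = token(secret, uri, e)
    if not hmac.compare_digest(st.encode(), expected.encode()):
        return ""  # path, expiry or hash was altered: 402
    return "0" if int(e) < now else "1"  # "0": the config above answers 405

if __name__ == "__main__":
    now = 1700000000  # constructed clock value
    link = sign("/sec/test.txt", now)
    print(link, repr(check(link, now)), repr(check(link, now + 11)))
```

Because the expiry value is part of the hashed string, changing e in the URL invalidates st, so a link cannot be extended by editing its timestamp.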

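Generate with shell: http://tool.xlongwei.com/shells/sec.sh
secret='segredo' # shared secret, must match the nginx config
path=$1 # URI path, e.g. /sec/test.txt
e=$(date -d "+15 seconds" +%s) # expiry time, 15 seconds from now
str="$secret$path$e"
#echo "$str"
# binary MD5 -> base64 -> URL-safe alphabet -> strip padding
st=$(printf '%s' "$str" | openssl md5 -binary | openssl base64 | tr '+/' '-_' | tr -d '=')

url="http://cms.xlongwei.com$path?st=$st&e=$e"
echo "$url"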

Generate with Java
// Base64 and DigestUtils come from Apache Commons Codec
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;

public class Sec {
	public static String url(String path) {
		String secret="segredo"; //secret
		String e=String.valueOf((System.currentTimeMillis()/1000)+10); //10 seconds
		String md5 = Base64.encodeBase64URLSafeString(DigestUtils.md5(secret+path+e));
		return "http://cms.xlongwei.com"+path+"?st="+md5+"&e="+e;
	}
}

Original link: https://www.xlongwei.com/detail/15072116
