
Download servers are often hotlinked, and over time this wastes a lot of server resources. The server here uses nginx as the web server, and there are many ways to prevent hotlinking with nginx. You can use the ready-made anti-hotlinking module nginx-accesskey-2.0.3, which can be added when compiling nginx.

Because nginx was already compiled with the Lua module to serve other business needs, I wanted to use Lua to implement the anti-hotlinking function of the download server (through Lua's nginx module lua_nginx_module; the configuration process is not described in detail here), so that the accesskey module can be omitted. The principle is to generate a processed download link, which the download server then checks: the download proceeds if the check succeeds and fails otherwise. The following is a detailed configuration example:

First, the nginx configuration that generates the link on the download page

server
{
    listen 80;
    index index.htm index.html;
    root /data/www/download;
    # SSI lets the HTML page read the $downkey variable
    ssi on;
    location /
    {
        # per-client key: MD5 of the two custom strings around the client IP
        set_by_lua $downkey '
            return ngx.md5("encryption" .. ngx.var.remote_addr .. "suffix")
        ';
    }
}

Note: You must enable ssi to get the nginx custom variable downkey in the HTML page, so as to generate the processed URLs. The strings encryption and suffix are custom values; feel free to change them to other characters. The purpose is to generate strings that others cannot easily guess.

Test the index.html code:

Second, download server nginx configuration:

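server
{
    listen 80;
    index index.htm index.html;
    root /data/www/down;
    # requires a limit_conn_zone named "one" in the http block
    limit_conn one 1;
    set $limit_rate 1000k;
    location /
    {
        # $foo is 1 when URI characters 2-33 equal the key expected for this client IP
        set_by_lua $foo '
            if string.sub(ngx.var.uri, 2, 33) == ngx.md5("encryption" .. ngx.var.remote_addr .. "suffix") then
                return 1
            else
                return 0
            end
        ';
        if ($foo = 1)
        {
            # strip the 32-character key and serve the real path
            rewrite "^/([0-9a-z]{32})(.*?)$" $2 break;
        }
        if ($foo = 0)
        {
        }
    }
}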

After copying the link to another machine, the error page opens.
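
The check above, modelled offline in Python as an added example (not code from the original post): `page_token` and `page_check` mirror the post's MD5 key and URI test, while `signed_link` and `signed_check` are a hypothetical variant that goes beyond the post by also binding the file path and an expiry time with HMAC-SHA256. The secret, the function names and the URL layout of the variant are assumptions.

```python
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-demo-secret"  # assumption: a long random value in practice


def page_token(ip: str) -> str:
    # Same value as the post's ngx.md5("encryption" .. remote_addr .. "suffix")
    return hashlib.md5(("encryption" + ip + "suffix").encode()).hexdigest()


def page_check(uri: str, ip: str) -> Optional[str]:
    # Mirrors string.sub(uri, 2, 33) == key, then the rewrite to $2
    return uri[33:] if uri[1:33] == page_token(ip) else None


def _sign(ip: str, path: str, expires: int) -> str:
    msg = f"{ip}\n{path}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def signed_link(path: str, ip: str, expires: int) -> str:
    # Hypothetical layout: /<hmac>/<unix expiry><path>
    return f"/{_sign(ip, path, expires)}/{expires}{path}"


def signed_check(uri: str, ip: str, now: int) -> Optional[str]:
    parts = uri.split("/", 3)  # ["", hmac, expiry, "rest/of/path"]
    if len(parts) != 4 or not (parts[2].isascii() and parts[2].isdigit()):
        return None
    expires, path = int(parts[2]), "/" + parts[3]
    good = hmac.compare_digest(parts[1].encode(), _sign(ip, path, expires).encode())
    return path if good and now <= expires else None


if __name__ == "__main__":
    ip, other = "203.0.113.7", "198.51.100.9"  # constructed documentation addresses
    key = page_token(ip)
    print(page_check(f"/{key}/a.zip", ip))       # accepted
    print(page_check(f"/{key}/a.zip", other))    # rejected: different client IP
    print(page_check(f"/{key}/other.zip", ip))   # accepted: key is not tied to the file
    link = signed_link("/a.zip", ip, expires=1000)
    print(signed_check(link, ip, now=999))       # accepted
    print(signed_check(link, ip, now=1001))      # rejected: expired
    print(signed_check(link.replace("a.zip", "other.zip"), ip, now=999))  # rejected
```

The post's key depends only on the client IP, so it stays valid for every file and for as long as the two strings are unchanged; the variant rejects a link once its path or expiry no longer matches the signature.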
