Preface
Everyone knows that many websites now charge for downloading information. Whether it is points or gold coins, if you want to free it, you can only say that there are very few. So these websites How to prevent resource hotlinking?
Here is a relatively easy-to-use artifact. nginx itself provides secure_link to complete the anti-leeching function. It can add timestamps and check codes to server file links, thereby protecting server files from being downloaded and stolen.
Timing diagram
nginx configuration
How to install nginx I won’t go into details here. Remember to turn it on when installing. ngx_http_secure_link_module is enough.
./configure --with-http_secure_link_module #编译nginx时加入
Installation completion detection:
nginx -v
If the following appears, the configuration is successful:
configure arguments: --with-http_secure_link_module --prefix=/usr/local /nginx --with-http_stub_status_module
Instance configuration
server { listen 80; server_name download.52itstyle.com; charset utf-8; location / { #这里配置了2个参数一个是md5,一个是expires secure_link $arg_md5,$arg_expires; #md5的哈希格式为 secret+url+expires,expires为时间戳单位s,url为请求地址 secure_link_md5 52itstyle$uri$arg_e; #这里我们的md5是我们按照secure_link_md5的方式计算的哈希,secure_link会比对它计算的哈希值是否与我们的md5参数一致 if ($secure_link = "") { #资源不存在或哈希比对失败 return 402; } if ($secure_link = "0") { #失效超时 return 405; } #重命名文件名 add_header content-disposition "attachment;filename=$arg_f"; alias /data/site/down.52itstyle.com/; } error_page 500 502 503 504 /50x.html; error_page 402 405 /40x.html; location = /50x.html { root html; } location = /40x.html { root html; } }
Parameter details
secure_link
Syntax: secure_link expression;
Default value: None
Configuration section: http, server, location
expression is expired by the check value and It consists of time, in which the check value will be compared with the md5 hash value of the specified parameter in secure_link_md5.
If the two values are inconsistent, the value of the $secure_link variable is empty; if the two values are consistent, an expiration check is performed; if it has expired, the value of the $secure_link variable is 0; if it has not expired, it is 1 .
If the link is time-sensitive, then the expiration time is set with a timestamp, declared after the md5 hash value, separated by commas. If no expiration time is set, the link will be valid forever.
secure_link_md5
Syntax: secure_link_md5 expression;
Default value: None
Configuration section: http, server, location
expression specifies the parameters for calculating the md5 hash value. The md5 value will be compared and verified with the md5 value passed in the URL. Expression generally contains uri (for example, demo.com/s/link uri is /s/link) and encryption key secret. If the link is time-sensitive, expression needs to contain $secure_link_expires. Expression can also add client information, such as access IP, browser version information, etc.
java backend configuration
Case, for reference only:
import org.apache.commons.codec.binary.base64; import org.apache.commons.codec.digest.digestutils; /** * 生成加密連接 */ public class securelink { private static string site = "https://down.52itstyle.com/"; private static string secret = "52itstyle"; public static string createlink(string path,string filename){ string time = string.valueof((system.currenttimemillis() / 1000) + 300); // 5分钟有效 string md5 = base64.encodebase64urlsafestring(digestutils.md5(secret + path + time)); string url = site + path + "?md5=" + md5 + "&expires=" + time + "&f="+filename; return url; } public static void main(string[] args) { //https://down.52itstyle.com/2018101025689452.pdf?md5=fndyyfzcooi9q8sh1ffkxg&expires=1539847995&f=分布式秒杀架构.pdf system.out.println(createlink("2018101025689452.pdf","分布式秒杀架构.pdf")); } }
The above is the detailed content of How to build file anti-leeching service in Nginx. For more information, please follow other related articles on the PHP Chinese website!