我正在尝试使用nginx安全链接模块,但是允许我自己绕过对本地IP的散列检查。 我不知道如何去做,这是我迄今为止:
location /secured/ { secure_link $arg_st,$arg_e; secure_link_md5 <redacted>$uri$arg_e$remote_addr; sendfile on; tcp_nopush on; alias /srv/http/jmsdirectory/public_html/media/secured/; if ($secure_link = "0") { rewrite . /media/expired.html last; } if ($secure_link = "") { rewrite . /media/bad_hash.html last; } } 我认为像下面这样的configuration可能会诀窍:
# Define your local ip blocks here geo $local_client { default 0; 127.0.0.1/32 1; 10.0.0.0/8 1; } # This map allows uses the $local_client geo variable above # to always allow local clients, and passes through $secure_link # for remote clients. map $local_client $client_allowed { 0 $secure_link; 1 1; } server { location /secured/ { secure_link $arg_st,$arg_e; secure_link_md5 <redacted>$uri$arg_e$remote_addr; sendfile on; tcp_nopush on; alias /srv/http/jmsdirectory/public_html/media/secured/; # $client_allowed is now a drop-in replacement for $secure_link if ($client_allowed = "0") { rewrite . /media/expired.html last; } if ($client_allowed = "") { rewrite . /media/bad_hash.html last; } } }