Lighttp-通过mod_magnet实现类似mod_secdownload的功能
http://yaoe.info/archives/2011/02/lua-auth-security-link-via-mod_magnet.html
链接地址:用过lighttpd的mod_secdownload模块,我总觉得不够灵活,比如不能验证ip,不能自定义加密串格式,还好有mod_magnet模块,能够自己用lua写一个类似mod_secdownload的脚本
首先mod_magnet模块默认不支持remoteip,不过官网有补丁,虽然不适应1.5版本,但可以自己修改源码并编译mod_magnet模块.
新建lua文件/etc/lighttpd/magnet/seclink.lua
require 'md5'
skey1 = "my key 1"
skey2 = "my key 2"
realpath = "/realpath/"
ip = lighty.env["request.remoteip"]
safe = false
for mp, etime, filepath in string.gmatch(lighty.env["request.uri"],"/slink/(%x+)/(%d+)/(.+)") do
mc = md5.sumhexa(filepath .. skey1 .. etime .. ip .. skey2)
if (tonumber(etime) < os.time()) then
return 403
end
if (mp ~= mc) then
return 403
end
lighty.env["physical.path"] = realpath .. filepath
safe = true
end
if (safe == false) then return 400 end
在lighttpd.conf中的对应站点配置下加入
$HTTP["host"] == "youdomain.com" {
......
$HTTP["url"] =~ "^/slink/" {
magnet.attract-physical-path-to = ( "/etc/lighttpd/magnet/seclink.lua" )
}
......
}
在php中生成链接的代码
<?php
$skey1 = 'my key 1';
$skey2 = 'my key 2';
$uri_prefix = '/slink/';
$f = "test.tar.gz";
$timeout = sprintf('%d', time()+60);
$realip = @$_SERVER['REMOTE_ADDR'];
$m = md5($f.$skey1.$timeout.$realip.$skey2);
$slink = $uri_prefix.$m.'/'.$timeout.'/'.$f;
echo $slink
?>
别忘记安装lua的md5支持模块
$ sudo apt-get -y install liblua5.1-md5-0
如果访问链接出现500错误,一般问题出现在lua脚本内,可以在 /var/log/lighttpd/error.log 文件查看详细信息
转:http://yaoe.info/archives/2011/02/lua-auth-security-link-via-mod_magnet.html