我的开发人员希望只允许向局域网中的用户下载一些文件.我说好的很简单,我写了Nginx配置的更改,如下所示:
这是此虚拟主机的完整配置:
location /restricteddir/download/file {
allow 192.168.0.0/16;
allow 10.0.0.0/8;
deny all;
}
@H_403_4@好吧从外面我得到403这么好但是从内部(LAN)给我404.为什么?
@H_403_4@我已经检查过,磁盘上不存在文件的位置.开发人员告诉我,该位置是由PHP动态生成的,因此文件位于tmp目录中,但点击链接后:
@H_403_4@https://example.com/report/download/file/id/somefile.txt它应该开始下载,但它给出了404错误.
@H_403_4@最后一个物理loaction是/ restricteddir / download所以file / id / somefile.txt是由PHP生成的.
@H_403_4@为了测试我将位置更改为/ restricteddir / download,然后点击https://example.com/restricteddir/download给了我404.
@H_403_4@禁用限制后,我很困惑,dir Everythings工作正常,我可以从https://example.com/report/download/file/id/somefile.txt下载文件并点击https://example.com/report/下载/没有404.那么bug在哪里?我应该将什么添加到我的Nginx配置中才能使其正常工作?
@H_403_4@EDIT1这是此虚拟主机的完整配置:
#example.com:443
server {
listen 443 default;
ssl on;
ssl_certificate example.crt;
ssl_certificate_key example.key;
ssl_session_timeout 15m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
server_name example.com;
access_log /var/log/Nginx/example.com.access.log;
error_log /var/log/Nginx/example.com.error.log;
location / {
root /sites/public;
index index.PHP;
if (!-f $request_filename) {
rewrite ^.*$/index.PHP last;
break;
}
}
location /restricteddir/download/file {
allow 192.168.0.0/16;
allow 10.0.0.0/8;
deny all;
}
#PHP
location ~ \.PHP${
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.PHP;
include /fastcgi_params;
fastcgi_param SCRIPT_FILENAME /sites/public$fastcgi_script_name;
}
}
server {
listen 80 default;
server_name example.com;
access_log off;
rewrite ^(.*)$https://example.com$1 permanent;
}
@H_403_4@我在日志中创建了这个:
2012/08/07 11:55:43 [error] 11121#0: *90 open() "/usr/share/Nginx/html/restricteddir/download/file/id/somefile.txt" Failed (2: No such file or directory),client: 10.200.2.70,server: example.com,request: "GET /restricteddir/download/file/id/somefile.txt HTTP/1.1",host: "example.com"@H_403_4@所以现在我知道Nginx在错误的根/usr/share / Nginx / html /中找到这个位置而不是/ sites / public @H_403_4@所以也许我应该这样写:
location /sites/public/restricteddir/download/file {
allow 192.168.0.0/16;
allow 10.0.0.0/8;
deny all;
}
@H_403_4@EDIT2
@H_403_4@我将root指令移动到服务器块后现在在日志中启用了对location / restricteddir / download / file的限制后我有:
2012/08/09 10:43:12 [error] 32120#0: *71 open() "/site/public/restricteddir/download/file/id/somefile.txt" Failed (2: No such file or directory),client: 10.2.1.120,host: "example.com"@H_403_4@所以现在Nginx看起来正确,但没有找到enything.喜欢这个文件不是由PHP生成的?我很喜欢它,并且不知道什么是wront …这是一个简单的任务restrcit location为什么这不起作用? @H_403_4@EDIT3 @H_403_4@这就是我现在查看virtualhost配置的方式:
#example.com:443
server {
listen 443 default;
ssl on;
ssl_certificate example.crt;
ssl_certificate_key example.key;
ssl_session_timeout 15m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
server_name example.com;
access_log /var/log/Nginx/example.com.access.log;
error_log /var/log/Nginx/example.com.error.log;
root /sites/public;
location / {
index index.PHP;
if (!-f $request_filename) {
rewrite ^.*$/index.PHP last;
break;
}
}
location /restricteddir/download/file {
allow 192.168.0.0/16;
allow 10.0.0.0/8;
deny all;
}
#PHP
location ~ \.PHP${
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.PHP;
include /fastcgi_params;
fastcgi_param SCRIPT_FILENAME /sites/public$fastcgi_script_name;
}
}
server {
listen 80 default;
server_name example.com;
access_log off;
rewrite ^(.*)$https://example.com$1 permanent;
}
@H_403_4@所以我只是将root指令移动到服务器块,之后Nginx看起来很好,但仍然在设置404.我很困惑,因为我评论出位置/ restricteddir / download / file块一切正常,我可以下载文件.
@H_403_4@对我来说这不是很奇怪,因为它唯一的简单限制……为什么在启用它之后Nginx无法找到该文件…
