032_nginx configuration for secure file download

Posted arun



I.

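server {
    listen 8866;
    server_name _;
    access_log /usr/local/etc/nginx/log/download.access.log main;
    error_log /usr/local/etc/nginx/log/download.error.log;
    location / {
        root /usr/local/etc/nginx/aruntestdir;
        # The regex must not be empty.
        if ($request_filename ~* ^.*?\.(html|zip|gz)$) {
            # add_header takes "name value", with no colon after the name.
            add_header Content-Disposition 'attachment';
            # add_header appends this header; it does not replace the
            # Content-Type that nginx already derives from its MIME type map.
            add_header Content-Type 'application/octet-stream';
        }
    }
}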

Test:

As the figure below shows, the header fields are added to the response that nginx returns.

 

Explanation of the variable and headers used:

<1>$request_filename

file path for the current request, based on the root or alias directives, and the request URI

<2>Content-Disposition

    In a regular HTTP response, the Content-Disposition response header is a header indicating if the content is expected to be displayed inline in the browser, that is, as a Web page or as part of a Web page, or as an attachment, that is downloaded and saved locally.
    attachment (indicating it should be downloaded; most browsers presenting a 'Save as' dialog)

Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

<3>Content-Type

    The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is.
    application/octet-stream meaning "download this file"

Further reading:
What are MIME types?
MIME types describe the media type of content either in email or served by web servers or web applications and are intended to help guide a web browser in how the content is to be processed and displayed. Examples of MIME types are:

text/html for normal web pages
text/plain for plain text
text/css for Cascading Style Sheets
text/javascript for scripts
application/octet-stream meaning "download this file"
application/x-java-applet for Java applets
application/pdf for PDF documents

Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type 
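
An added example (not part of the original post): a small Python check that audits a raw HTTP response for the two headers explained above. It flags a missing attachment disposition and a repeated Content-Type header, which is what results when add_header Content-Type is layered on top of the type nginx sets itself. The function names and the sample responses are constructed for illustration.

```python
"""Audit raw HTTP responses for the forced-download headers described above."""

EXPECTED_TYPE = "application/octet-stream"


def parse_head(raw: bytes):
    """Split a raw response into its status line and (lowercased name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status_line, headers


def audit_download_response(raw: bytes):
    """Return a list of findings; an empty list means the download headers are sound."""
    _, headers = parse_head(raw)
    findings = []

    dispositions = [v for n, v in headers if n == "content-disposition"]
    # The disposition type is the token before the first ';' (parameters follow it).
    if not any(v.split(";", 1)[0].strip().lower() == "attachment" for v in dispositions):
        findings.append("Content-Disposition is not 'attachment': %r" % dispositions)

    ctypes = [v for n, v in headers if n == "content-type"]
    if len(ctypes) != 1:
        # Repeated headers leave the choice of media type to the client.
        findings.append("expected one Content-Type header, found %d: %r" % (len(ctypes), ctypes))
    elif ctypes[0].split(";", 1)[0].strip().lower() != EXPECTED_TYPE:
        findings.append("Content-Type is %r, not %s" % (ctypes[0], EXPECTED_TYPE))
    return findings


# Constructed sample responses (not captured from a real server).
GOOD = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/octet-stream\r\n"
        b"Content-Length: 5\r\nContent-Disposition: attachment\r\n\r\nhello")
DUPLICATE = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
             b"Content-Length: 5\r\nContent-Disposition: attachment;\r\n"
             b"Content-Type: APPLICATION/OCTET-STREAM\r\n\r\nhello")
INLINE = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
          b"Content-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("duplicate", DUPLICATE), ("inline", INLINE)):
        print(label, audit_download_response(raw) or "OK")
```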

II. Appendix: Python download script

#!/usr/bin/env python3
import os
import urllib.request


def Schedule(blocks, blocksize, totalsizeofile):
    """
    The third argument, if present, is a hook function that will be called once on establishment of the network connection
    and once after each block read thereafter.
    The third argument may be -1 on older FTP servers which do not return a file size in response to a retrieval request.

    The hook will be passed three arguments;
    :param blocks: a count of blocks transferred so far
    :param blocksize:  a block size in bytes
    :param totalsizeofile: the total size of the file.
    :return:
    """
    if totalsizeofile <= 0:
        # Size unknown, so a percentage cannot be computed; report bytes instead.
        print('%d bytes' % (blocks * blocksize))
        return
    percent = min(100.0, 100.0 * blocks * blocksize / totalsizeofile)
    print('%.2f %%' % percent)


if __name__ == "__main__":
    url = 'http://127.0.0.1:8088/downtest.html'    # download url
    local = os.path.join('/tmp', 'downtest.html')   # local path + filename
    # If no Content-Length header was supplied, urlretrieve() can not check the size of the data it has downloaded,
    # and just returns it. In this case you just have to assume that the download was successful.
    urllib.request.urlretrieve(url, local, Schedule)

 
