gpt4 book ai didi

lighttpd mod_secdownload 总是 404

转载 作者:行者123 更新时间:2023-12-03 20:47:33 28 4
gpt4 key购买 nike

我正在尝试为我公司的开发环境设置过期网址。我们使用 lighttpd在此环境中提供上传的文件,我发现 these docs这似乎相当有希望。
问题是我似乎根本无法让它工作,而且我有点不知所措,试图找出原因。它服务于 secdownload.uri-prefix 下的路径通常,就好像它们是正常 server.document root 下不 protected 文件一样.
这是我的整个配置文件:

server.modules = (
"mod_secdownload"
)

server.document-root = "/var/www/html"
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 8080

secdownload.secret = "seecrat"
secdownload.document-root = "/var/www/download-area/"
secdownload.algorithm = "md5"
secdownload.uri-prefix = "/dl/"

debug.log-request-handling = "enable"

这是从 Node.js 创建 url 的 JS 片段:
const md5 = require("md5");
const filePath = "/some-image.png";
const timestamp = Date.now().toString(16);
const signature = md5("seecrat" + filePath + timestamp);
console.log(`http://localhost:8080/dl/${signature}/${timestamp}${filePath}`);
这是此代码生成的示例网址:
http://localhost:8080/dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
当我通过浏览器导航到此 URL 时,我收到 404 Not Found,并且此请求的调试日志如下所示:
2020-11-23 14:03:02: (response.c.447) -- splitting Request-URI 
2020-11-23 14:03:02: (response.c.448) Request-URI : /dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.449) URI-scheme : http
2020-11-23 14:03:02: (response.c.450) URI-authority : localhost:8080
2020-11-23 14:03:02: (response.c.451) URI-path (raw) : /dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.452) URI-path (clean): /dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.453) URI-query :
2020-11-23 14:03:02: (response.c.598) -- before doc_root
2020-11-23 14:03:02: (response.c.599) Doc-Root : /var/www/html
2020-11-23 14:03:02: (response.c.600) Rel-Path : /dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.601) Path :
2020-11-23 14:03:02: (response.c.643) -- after doc_root
2020-11-23 14:03:02: (response.c.644) Doc-Root : /var/www/html
2020-11-23 14:03:02: (response.c.645) Rel-Path : /dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.646) Path : /var/www/html/dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.670) -- logical -> physical
2020-11-23 14:03:02: (response.c.671) Doc-Root : /var/www/html
2020-11-23 14:03:02: (response.c.672) Basedir : /var/www/html
2020-11-23 14:03:02: (response.c.673) Rel-Path : /dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.674) Path : /var/www/html/dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.686) -- handling physical path
2020-11-23 14:03:02: (response.c.687) Path : /var/www/html/dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
2020-11-23 14:03:02: (response.c.162) -- file not found
2020-11-23 14:03:02: (response.c.163) Path : /var/www/html/dl/5fe360f8c62ea912363b653ba9383e01/175f67cd240/some-image.png
显然,它正在查看 /var/www/html而不是 /var/www/download-area正如预期的那样。
编辑:
为清楚起见,已编辑此问题。我从我的配置中删除了不相关的东西,并从请求处理程序中添加了一个调试日志。

最佳答案

secdownload.uri-prefix = "/dl/"


const filePath = "/some-image.png";


这些不匹配。我想你是说 const filePath = "/dl/some-image.png"; mod_secdownload 中提供了许多不同编程语言的示例。您链接到的文档。
如果 mod_secdownload 拦截了对/dl/* 的所有请求,则可以在/dl/* 下访问的文件受到保护。另一方面,如果我可以直接从您的服务器请求/some-image.png,绕过/dl/... 和 mod_secdownload,那么/some-image.png 就没有得到很好的保护。
[编辑] 在/var/www/html/some-image.png 下找到 some-image.png 了吗? (使用您的配置 secdownload.document-root = "/var/www/html/" )

关于lighttpd mod_secdownload 总是 404,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64840751/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com