安全链接 IP 绕过

Question

我认为下面的配置可能会起作用：

# Define your local ip blocks here
geo $local_client {
  default 0;
  127.0.0.1/32 1;
  10.0.0.0/8 1;
}

# This map allows uses the $local_client geo variable above
# to always allow local clients, and passes through $secure_link
# for remote clients.
map $local_client $client_allowed {
  0 $secure_link;
  1 1;
}

server {
  location /secured/ {
    secure_link $arg_st,$arg_e;
    secure_link_md5 <redacted>$uri$arg_e$remote_addr;
    sendfile on;
    tcp_nopush on;
    alias /srv/http/jmsdirectory/public_html/media/secured/;

    # $client_allowed is now a drop-in replacement for $secure_link
    if ($client_allowed = "0") {
      rewrite . /media/expired.html last;
    }

    if ($client_allowed = "") {
      rewrite . /media/bad_hash.html last;
    }
  }
}

Answer 1

我认为下面的配置可能会起作用：

# Define your local ip blocks here
geo $local_client {
  default 0;
  127.0.0.1/32 1;
  10.0.0.0/8 1;
}

# This map allows uses the $local_client geo variable above
# to always allow local clients, and passes through $secure_link
# for remote clients.
map $local_client $client_allowed {
  0 $secure_link;
  1 1;
}

server {
  location /secured/ {
    secure_link $arg_st,$arg_e;
    secure_link_md5 <redacted>$uri$arg_e$remote_addr;
    sendfile on;
    tcp_nopush on;
    alias /srv/http/jmsdirectory/public_html/media/secured/;

    # $client_allowed is now a drop-in replacement for $secure_link
    if ($client_allowed = "0") {
      rewrite . /media/expired.html last;
    }

    if ($client_allowed = "") {
      rewrite . /media/bad_hash.html last;
    }
  }
}

安全链接 IP 绕过

答案1

相关内容