nginx-site: xml/ru/docs/http/ngx_http_secure_link

annotate xml/ru/docs/http/ngx_http_secure_link_module.xml @ 2769:16f6fa718be2

Updated TLSv1.3 support notes. Previous notes described some early development snapshot of OpenSSL 1.1.1 with disabled TLSv1.3 by default. It was then enabled in the first alpha. Further, the updated text covers later major releases such as OpenSSL 3.0.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Thu, 30 Sep 2021 16:29:20 +0300
parents	66a30a380fba
children	4add6ae1296f

rev	line source
222 bfe3eff81d04 Removed redundant encoding specification. Ruslan Ermilov <ru@nginx.com> parents: 110 diff changeset	1 <?xml version="1.0"?>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	2
580 be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 367 diff changeset	3 <!--
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 367 diff changeset	4 Copyright (C) Igor Sysoev
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 367 diff changeset	5 Copyright (C) Nginx, Inc.
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 367 diff changeset	6 -->
be54c443235a Added copyright markers to documentation sources. Ruslan Ermilov <ru@nginx.com> parents: 367 diff changeset	7
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	9
342 a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	10 <module name="Модуль ngx_http_secure_link_module"
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	11 link="/ru/docs/http/ngx_http_secure_link_module.html"
589 764fbac1b8b4 Added document revision. Ruslan Ermilov <ru@nginx.com> parents: 580 diff changeset	12 lang="ru"
1923 66a30a380fba Fixed links to tools.ietf.org. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	13 rev="4">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	14
110 40eec261c2a6 Added proper support for anonymous sections, notably for the summary. Ruslan Ermilov <ru@nginx.com> parents: 102 diff changeset	15 <section id="summary">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	16
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	17 <para>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	18 Модуль <literal>ngx_http_secure_link_module</literal> (0.7.18)
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	19 позволяет проверять аутентичность запрашиваемых ссылок,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	20 защищать ресурсы от несанкционированного доступа,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	21 а также ограничивать срок действия ссылок.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	22 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	23
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	24 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	25 Правильность запрашиваемой ссылки проверяется сравнением переданного
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	26 в запросе значения контрольной суммы со значением,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	27 вычисляемым для запроса.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	28 Если ссылка имеет ограниченный срок действия и он истёк,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	29 ссылка считается устаревшей.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	30 Результат этих проверок делается доступным в переменной
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	31 <var>$secure_link</var>.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	32 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	33
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	34 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	35 Модуль реализует два альтернативных режима работы.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	36 В первом режиме, который включается директивой
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	37 <link id="secure_link_secret"/>, можно проверить аутентичность
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	38 запрашиваемых ссылок и защитить их от несанкционированного доступа.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	39 Второй режим (0.8.50) включается директивами
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	40 <link id="secure_link"/> и <link id="secure_link_md5"/>,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	41 и позволяет также ограничить срок действия ссылок.
342 a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	42 </para>
a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	43
a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	44 <para>
a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	45 По умолчанию этот модуль не собирается, его сборку необходимо
a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	46 разрешить с помощью конфигурационного параметра
271 4c6d2c614d2c Cleaned up XML tag mess: Ruslan Ermilov <ru@nginx.com> parents: 222 diff changeset	47 <literal>--with-http_secure_link_module</literal>.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	48 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	49
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	50 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	51
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	52
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	53 <section id="directives" name="Директивы">
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	54
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	55 <directive name="secure_link">
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	56 <syntax><value>выражение</value></syntax>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	57 <default/>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	58 <context>http</context>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	59 <context>server</context>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	60 <context>location</context>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	61
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	62 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	63 Задаёт строку с переменными, из которой будет выделено значение
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	64 контрольной суммы и время действия ссылки.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	65 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	66
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	67 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	68 Используемые в выражении переменные обычно связаны с запросом;
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	69 см. <link id="secure_link_md5">пример</link> ниже.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	70 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	71
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	72 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	73 Выделенное из строки значение контрольной суммы сравнивается со
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	74 значением MD5-хэша, вычисляемым для выражения, заданного
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	75 директивой <link id="secure_link_md5"/>.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	76 Если контрольные суммы не совпадают, значением переменной
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	77 <var>$secure_link</var> становится пустая строка.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	78 Если контрольные суммы совпадают, проверяется время действия ссылки.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	79 Если срок действия ссылки задан и истёк, переменная
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	80 <var>$secure_link</var> получает значение “<literal>0</literal>”.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	81 В противном случае она получает значение “<literal>1</literal>”.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	82 Значение MD5-хэш передаётся в запросе закодированным в
1923 66a30a380fba Fixed links to tools.ietf.org. Ruslan Ermilov <ru@nginx.com> parents: 1155 diff changeset	83 <link url="https://tools.ietf.org/html/rfc4648#section-5">base64url</link>.
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	84 </para>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	85
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	86 <para>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	87 Если ссылка имеет ограниченный срок действия, время её действия
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	88 задаётся в секундах с начала эпохи (1 января 1970 года 00:00:00 GMT).
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	89 Значение указывается в выражении после MD5-хэша
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	90 и отделяется от него запятой.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	91 Время действия ссылки, переданное в запросе, делается доступным
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	92 в переменной <var>$secure_link_expires</var> для использования
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	93 в директиве <link id="secure_link_md5"/>.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	94 Если время действия ссылки не задано, ссылка имеет неограниченный
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	95 срок действия.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	96 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	97
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	98 </directive>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	99
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	100
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	101 <directive name="secure_link_md5">
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	102 <syntax><value>выражение</value></syntax>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	103 <default/>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	104 <context>http</context>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	105 <context>server</context>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	106 <context>location</context>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	107
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	108 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	109 Задаёт выражение, для которого считается значение MD5-хэш,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	110 сравниваемое с переданным в запросе.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	111 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	112
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	113 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	114 Выражение должно содержать защищаемую часть ссылки (ресурс)
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	115 и секретную составляющую.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	116 Если ссылка имеет ограниченный срок действия,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	117 выражение также должно содержать <var>$secure_link_expires</var>.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	118 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	119
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	120 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	121 Для предотвращения несанкционированного доступа выражение
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	122 может содержать информацию о клиенте, например, его адрес и
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	123 версию браузера.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	124 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	125
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	126 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	127 Пример:
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	128 <example>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	129 location /s/ {
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	130 secure_link $arg_md5,$arg_expires;
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	131 secure_link_md5 "$secure_link_expires$uri$remote_addr secret";
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	132
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	133 if ($secure_link = "") {
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	134 return 403;
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	135 }
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	136
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	137 if ($secure_link = "0") {
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	138 return 410;
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	139 }
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	140
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	141 ...
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	142 }
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	143 </example>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	144 Ссылка
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	145 “<literal>/s/link?md5=_e4Nc3iduzkWRm01TBBNYw&expires=2147483647</literal>”
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	146 ограничивает доступ к “<literal>/s/link</literal>” для клиента с IP-адресом
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	147 127.0.0.1.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	148 Ссылка также имеет ограниченный срок действия до 19 января 2038 года (GMT).
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	149 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	150
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	151 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	152 Значение аргумента запроса <value>md5</value> на UNIX можно получить так:
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	153 <example>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	154 echo -n '2147483647/s/link127.0.0.1 secret' \| \
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	155 openssl md5 -binary \| openssl base64 \| tr +/ -_ \| tr -d =
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	156 </example>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	157 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	158
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	159 </directive>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	160
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	161
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	162 <directive name="secure_link_secret">
102 c76a257f3fd4 The directive name is now automatically printed in <default> and <syntax>. Ruslan Ermilov <ru@nginx.com> parents: 99 diff changeset	163 <syntax><value>слово</value></syntax>
99 1d315ef37215 The case <default/> is now language-agnostic. Ruslan Ermilov <ru@nginx.com> parents: 76 diff changeset	164 <default/>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	165 <context>location</context>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	166
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	167 <para>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	168 Задаёт секретное <value>слово</value> для проверки аутентичности
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	169 запрашиваемых ссылок.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	170 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	171
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	172 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	173 Полный URI запрашиваемой ссылки выглядит так:
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	174 <example>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	175 /<value>префикс</value>/<value>хэш</value>/<value>ссылка</value>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	176 </example>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	177 где <value>хэш</value> — MD5-хэш в шестнадцатеричном виде,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	178 вычисленный для конкатенации ссылки и секретного слова,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	179 а <value>префикс</value> — произвольная строка без слэшей.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	180 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	181
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	182 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	183 Если запрашиваемая ссылка проходит проверку на аутентичность,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	184 значением переменной <var>$secure_link</var> становится ссылка,
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	185 выделенная из URI запроса.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	186 В противном случае значением переменной <var>$secure_link</var>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	187 становится пустая строка.
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	188 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	189
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	190 <para>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	191 Пример:
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	192 <example>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	193 location /p/ {
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	194 secure_link_secret secret;
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	195
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	196 if ($secure_link = "") {
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	197 return 403;
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	198 }
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	199
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	200 rewrite ^ /secure/$secure_link;
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	201 }
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	202
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	203 location /secure/ {
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	204 internal;
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	205 }
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	206 </example>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	207 По запросу “<literal>/p/5e814704a28d9bc1914ff19fa0c4a00a/link</literal>”
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	208 будет выполнено внутреннее перенаправление на
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	209 “<literal>/secure/link</literal>”.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	210 </para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	211
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	212 <para>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	213 Значение хэша для данного примера на UNIX можно получить так:
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	214 <example>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	215 echo -n 'linksecret' \| openssl md5 -hex
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	216 </example>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	217 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	218
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	219 </directive>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	220
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	221 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	222
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	223
342 a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	224 <section id="variables" name="Встроенные переменные">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	225
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	226 <para>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	227 <list type="tag" compact="no">
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	228
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 830 diff changeset	229 <tag-name id="var_secure_link"><var>$secure_link</var></tag-name>
342 a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	230 <tag-desc>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	231 Результат проверки ссылки.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	232 Конкретное значение зависит от выбранного режима работы.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	233 </tag-desc>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	234
1155 07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 830 diff changeset	235 <tag-name id="var_secure_link_expires"><var>$secure_link_expires</var>
07402a11fd8d Assigned IDs to tags describing variables. Vladimir Homutov <vl@nginx.com> parents: 830 diff changeset	236 </tag-name>
830 42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	237 <tag-desc>
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	238 Время действия ссылки, переданное в запросе.
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	239 Предназначено исключительно для использования в директиве
42750c1b8d1b Secure_link: documented newer operation mode. Ruslan Ermilov <ru@nginx.com> parents: 589 diff changeset	240 <link id="secure_link_md5"/>.
342 a076f7661569 Revision. Ruslan Ermilov <ru@nginx.com> parents: 285 diff changeset	241 </tag-desc>
76 4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	242
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	243 </list>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	244 </para>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	245
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	246 </section>
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	247
4a4caa566120 Russian documentation import. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	248 </module>

Mercurial > hg > nginx-site

annotate xml/ru/docs/http/ngx_http_secure_link_module.xml @ 2769:16f6fa718be2