Mercurial > hg > nginx-site
annotate xml/ru/docs/http/ngx_http_secure_link_module.xml @ 2769:16f6fa718be2
Updated TLSv1.3 support notes.
Previous notes described some early development snapshot of OpenSSL 1.1.1
with disabled TLSv1.3 by default. It was then enabled in the first alpha.
Further, the updated text covers later major releases such as OpenSSL 3.0.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 30 Sep 2021 16:29:20 +0300 |
parents | 66a30a380fba |
children | 4add6ae1296f |
rev | line source |
---|---|
222
bfe3eff81d04
Removed redundant encoding specification.
Ruslan Ermilov <ru@nginx.com>
parents:
110
diff
changeset
|
1 <?xml version="1.0"?> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 |
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
367
diff
changeset
|
3 <!-- |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
367
diff
changeset
|
4 Copyright (C) Igor Sysoev |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
367
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
367
diff
changeset
|
6 --> |
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
367
diff
changeset
|
7 |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 |
342 | 10 <module name="Модуль ngx_http_secure_link_module" |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 link="/ru/docs/http/ngx_http_secure_link_module.html" |
589 | 12 lang="ru" |
1923
66a30a380fba
Fixed links to tools.ietf.org.
Ruslan Ermilov <ru@nginx.com>
parents:
1155
diff
changeset
|
13 rev="4"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
14 |
110
40eec261c2a6
Added proper support for anonymous sections, notably for the summary.
Ruslan Ermilov <ru@nginx.com>
parents:
102
diff
changeset
|
15 <section id="summary"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
16 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
17 <para> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
18 Модуль <literal>ngx_http_secure_link_module</literal> (0.7.18) |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
19 позволяет проверять аутентичность запрашиваемых ссылок, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
20 защищать ресурсы от несанкционированного доступа, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
21 а также ограничивать срок действия ссылок. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
22 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
23 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
24 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
25 Правильность запрашиваемой ссылки проверяется сравнением переданного |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
26 в запросе значения контрольной суммы со значением, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
27 вычисляемым для запроса. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
28 Если ссылка имеет ограниченный срок действия и он истёк, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
29 ссылка считается устаревшей. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
30 Результат этих проверок делается доступным в переменной |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
31 <var>$secure_link</var>. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
32 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
33 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
34 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
35 Модуль реализует два альтернативных режима работы. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
36 В первом режиме, который включается директивой |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
37 <link id="secure_link_secret"/>, можно проверить аутентичность |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
38 запрашиваемых ссылок и защитить их от несанкционированного доступа. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
39 Второй режим (0.8.50) включается директивами |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
40 <link id="secure_link"/> и <link id="secure_link_md5"/>, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
41 и позволяет также ограничить срок действия ссылок. |
342 | 42 </para> |
43 | |
44 <para> | |
45 По умолчанию этот модуль не собирается, его сборку необходимо | |
46 разрешить с помощью конфигурационного параметра | |
271 | 47 <literal>--with-http_secure_link_module</literal>. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
48 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
49 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
50 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
51 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
52 |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
53 <section id="directives" name="Директивы"> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
54 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
55 <directive name="secure_link"> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
56 <syntax><value>выражение</value></syntax> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
57 <default/> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
58 <context>http</context> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
59 <context>server</context> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
60 <context>location</context> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
61 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
62 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
63 Задаёт строку с переменными, из которой будет выделено значение |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
64 контрольной суммы и время действия ссылки. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
65 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
66 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
67 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
68 Используемые в выражении переменные обычно связаны с запросом; |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
69 см. <link id="secure_link_md5">пример</link> ниже. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
70 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
71 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
72 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
73 Выделенное из строки значение контрольной суммы сравнивается со |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
74 значением MD5-хэша, вычисляемым для выражения, заданного |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
75 директивой <link id="secure_link_md5"/>. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
76 Если контрольные суммы не совпадают, значением переменной |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
77 <var>$secure_link</var> становится пустая строка. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
78 Если контрольные суммы совпадают, проверяется время действия ссылки. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
79 Если срок действия ссылки задан и истёк, переменная |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
80 <var>$secure_link</var> получает значение “<literal>0</literal>”. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
81 В противном случае она получает значение “<literal>1</literal>”. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
82 Значение MD5-хэш передаётся в запросе закодированным в |
1923
66a30a380fba
Fixed links to tools.ietf.org.
Ruslan Ermilov <ru@nginx.com>
parents:
1155
diff
changeset
|
83 <link url="https://tools.ietf.org/html/rfc4648#section-5">base64url</link>. |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
84 </para> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 <para> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
87 Если ссылка имеет ограниченный срок действия, время её действия |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
88 задаётся в секундах с начала эпохи (1 января 1970 года 00:00:00 GMT). |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
89 Значение указывается в выражении после MD5-хэша |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
90 и отделяется от него запятой. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
91 Время действия ссылки, переданное в запросе, делается доступным |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
92 в переменной <var>$secure_link_expires</var> для использования |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
93 в директиве <link id="secure_link_md5"/>. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
94 Если время действия ссылки не задано, ссылка имеет неограниченный |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
95 срок действия. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
96 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
97 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
98 </directive> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
99 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
100 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
101 <directive name="secure_link_md5"> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
102 <syntax><value>выражение</value></syntax> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
103 <default/> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
104 <context>http</context> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
105 <context>server</context> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
106 <context>location</context> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
107 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
108 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
109 Задаёт выражение, для которого считается значение MD5-хэш, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
110 сравниваемое с переданным в запросе. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
111 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
112 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
113 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
114 Выражение должно содержать защищаемую часть ссылки (ресурс) |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
115 и секретную составляющую. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
116 Если ссылка имеет ограниченный срок действия, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
117 выражение также должно содержать <var>$secure_link_expires</var>. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
118 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
119 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
120 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
121 Для предотвращения несанкционированного доступа выражение |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
122 может содержать информацию о клиенте, например, его адрес и |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
123 версию браузера. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
124 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
125 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
126 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
127 Пример: |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
128 <example> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
129 location /s/ { |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
130 secure_link $arg_md5,$arg_expires; |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
131 secure_link_md5 "$secure_link_expires$uri$remote_addr secret"; |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
132 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
133 if ($secure_link = "") { |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
134 return 403; |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
135 } |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
136 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
137 if ($secure_link = "0") { |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
138 return 410; |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
139 } |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
140 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
141 ... |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
142 } |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
143 </example> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
144 Ссылка |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
145 “<literal>/s/link?md5=_e4Nc3iduzkWRm01TBBNYw&expires=2147483647</literal>” |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
146 ограничивает доступ к “<literal>/s/link</literal>” для клиента с IP-адресом |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
147 127.0.0.1. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
148 Ссылка также имеет ограниченный срок действия до 19 января 2038 года (GMT). |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
149 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
150 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
151 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
152 Значение аргумента запроса <value>md5</value> на UNIX можно получить так: |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
153 <example> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
154 echo -n '2147483647/s/link127.0.0.1 secret' | \ |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
155 openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d = |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
156 </example> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
157 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
158 |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
159 </directive> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
160 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
161 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
162 <directive name="secure_link_secret"> |
102
c76a257f3fd4
The directive name is now automatically printed in <default> and <syntax>.
Ruslan Ermilov <ru@nginx.com>
parents:
99
diff
changeset
|
163 <syntax><value>слово</value></syntax> |
99
1d315ef37215
The case <default/> is now language-agnostic.
Ruslan Ermilov <ru@nginx.com>
parents:
76
diff
changeset
|
164 <default/> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
165 <context>location</context> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
166 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
167 <para> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
168 Задаёт секретное <value>слово</value> для проверки аутентичности |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
169 запрашиваемых ссылок. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
170 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
171 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
172 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
173 Полный URI запрашиваемой ссылки выглядит так: |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
174 <example> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
175 /<value>префикс</value>/<value>хэш</value>/<value>ссылка</value> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
176 </example> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
177 где <value>хэш</value> — MD5-хэш в шестнадцатеричном виде, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
178 вычисленный для конкатенации ссылки и секретного слова, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
179 а <value>префикс</value> — произвольная строка без слэшей. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
180 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
181 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
182 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
183 Если запрашиваемая ссылка проходит проверку на аутентичность, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
184 значением переменной <var>$secure_link</var> становится ссылка, |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
185 выделенная из URI запроса. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
186 В противном случае значением переменной <var>$secure_link</var> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
187 становится пустая строка. |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
188 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
189 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
190 <para> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
191 Пример: |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
192 <example> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
193 location /p/ { |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
194 secure_link_secret secret; |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
195 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
196 if ($secure_link = "") { |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
197 return 403; |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
198 } |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
199 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
200 rewrite ^ /secure/$secure_link; |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
201 } |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
202 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
203 location /secure/ { |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
204 internal; |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
205 } |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
206 </example> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
207 По запросу “<literal>/p/5e814704a28d9bc1914ff19fa0c4a00a/link</literal>” |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
208 будет выполнено внутреннее перенаправление на |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
209 “<literal>/secure/link</literal>”. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
210 </para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
211 |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
212 <para> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
213 Значение хэша для данного примера на UNIX можно получить так: |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
214 <example> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
215 echo -n 'linksecret' | openssl md5 -hex |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
216 </example> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
217 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
218 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
219 </directive> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
220 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
221 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
222 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
223 |
342 | 224 <section id="variables" name="Встроенные переменные"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
225 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
226 <para> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
227 <list type="tag" compact="no"> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
228 |
1155
07402a11fd8d
Assigned IDs to tags describing variables.
Vladimir Homutov <vl@nginx.com>
parents:
830
diff
changeset
|
229 <tag-name id="var_secure_link"><var>$secure_link</var></tag-name> |
342 | 230 <tag-desc> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
231 Результат проверки ссылки. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
232 Конкретное значение зависит от выбранного режима работы. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
233 </tag-desc> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
234 |
1155
07402a11fd8d
Assigned IDs to tags describing variables.
Vladimir Homutov <vl@nginx.com>
parents:
830
diff
changeset
|
235 <tag-name id="var_secure_link_expires"><var>$secure_link_expires</var> |
07402a11fd8d
Assigned IDs to tags describing variables.
Vladimir Homutov <vl@nginx.com>
parents:
830
diff
changeset
|
236 </tag-name> |
830
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
237 <tag-desc> |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
238 Время действия ссылки, переданное в запросе. |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
239 Предназначено исключительно для использования в директиве |
42750c1b8d1b
Secure_link: documented newer operation mode.
Ruslan Ermilov <ru@nginx.com>
parents:
589
diff
changeset
|
240 <link id="secure_link_md5"/>. |
342 | 241 </tag-desc> |
76
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
242 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
243 </list> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
244 </para> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
245 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
246 </section> |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
247 |
4a4caa566120
Russian documentation import.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
248 </module> |