Nginx模块学习之————accesskey权限模块使用(简单的m3u8防盗链)-阿里云开发者社区

开发者社区> 安全> 正文
登录阅读全文

Nginx模块学习之————accesskey权限模块使用(简单的m3u8防盗链)

简介: 配置文件:http://www.cnblogs.com/tinywan/p/5983694.html 通过加密后的文件: 正确地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.

配置文件:http://www.cnblogs.com/tinywan/p/5983694.html

通过加密后的文件:

正确地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
参数错误地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213
没带参数:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8

【1】正确地址:  curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e

www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27e
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 09:12:39 GMT
Content-Type: application/vnd.apple.mpegurl
Content-Length: 367
Last-Modified: Fri, 21 Oct 2016 09:12:34 GMT
Connection: keep-alive
ETag: "5809dc02-16f"
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

#EXTM3U
#EXT-X-VERSION:3
#EXT-X-MEDIA-SEQUENCE:300
#EXT-X-TARGETDURATION:7
#EXT-X-KEY:METHOD=AES-128,URI="https://myserver.com/keys/S0000_8-300.key",IV=0x0000000000000000000000000000012C
#EXTINF:7.000,
S0000_8-300.ts
#EXTINF:7.000,
S0000_8-301.ts
#EXTINF:7.000,

【2】参数错误地址:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213

www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8?key=c7e2d8f498920f1a86e4c95d4a58a27123213
HTTP/1.1 403 Forbidden
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 09:14:30 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.8.1</center>
</body>
</html>

【3】没有携带参数访问:curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8

www@iZ23a7607jaZ:/home/tinywan$ curl -i http://访问的IP地址(这里是直播节点IP地址)/hls/S0000_8.m3u8
HTTP/1.1 403 Forbidden
Server: nginx/1.8.1
Date: Fri, 21 Oct 2016 09:15:15 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.8.1</center>
</body>
</html>
www@iZ23a7607jaZ:/home/tinywan$ 

【4】Nginx config配置文件:

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '[$time_local][$remote_addr][$http_x_forwarded_for] $status "$request" "$http_referer" "$http_user_agent"';

    access_log  logs/access.log  main;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 443 ssl;
        server_name example.com;

        #ssl_certificate /var/ssl/example.com.cert;
        #ssl_certificate_key /var/ssl/example.com.key;

        location /keys {
            root /tmp;
        }
    }
    server {
        set  $wwwroot  /home/www/node/html;

        listen       80;
        server_name  127.0.0.1;
        index        index.html;
        root         $wwwroot;
        access_log   logs/node.access.log  main;

        location /rtmp/stat {
            rtmp_stat all;
            rtmp_stat_stylesheet rtmpstat.xsl;
        }

        location /rtmpstat.xsl {
        }

        location /rtmp/control {
            rtmp_control all;
        }

        location ~* /hls/.*\.m3u8$ {
            types {
                application/vnd.apple.mpegurl m3u8;
            }
            root /tmp;
            add_header Cache-Control no-cache;
            add_header Access-Control-Allow-Origin *;
                 accesskey             on;
                accesskey_hashmethod  md5;
                accesskey_arg         "key";
                #accesskey_signature   "password$remote_addr";
                accesskey_signature   "password120.26.206.180";

        }

        location ~* /hls/.*\.ts$ {
            types {
                video/mp2t ts;
            }
            root /tmp;
            expires    1m;
            add_header Cache-Control public;
            add_header Access-Control-Allow-Origin *;
        }

        #error_page  404              /404.html;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location /hls {
                accesskey             on;
                accesskey_hashmethod  md5;
                accesskey_arg         "key";
                accesskey_signature   "password$remote_addr";
                #accesskey_signature   "password115.29.201.161";

                alias /tmp/hls;
        }

        location /control {
                rtmp_control all;
        }

    }

}

rtmp {
    server {
        listen 1935;
        ping 30s;
        notify_method get;
        drop_idle_publisher 3s;

        application live {
            live on;
            #pull rtmp://121.40.133.183/live/206 name=206;
            #exec /home/www/bin/rtmpHLS.sh $name;
            exec /home/www/bin/autoRecord.sh $name;
            exec_kill_signal term;
            #exec_play /home/www/bin/execPlay.sh $name;
            #on_play http://sewise.amai8.com/authcheck/play;
            #录像模块
            recorder rec1 {
                       record all manual;
                       record_unique on;
                       record_notify on;
                       record_max_size 512M;
                       #record_interval 30s;
                       record_path /data/recorded_flvs;
                       record_suffix all.flv;

                       #录像停止后,先判断是否能上传,允许后则将录像上传到OSS/
                       exec_record_done /home/www/bin/rtmpRecorded.sh $name $path $filename $basename $dirname;
           }

       }
        hls on;
        hls_path /tmp/hls;
        #hls_sync 100ms;

        hls_keys on;
        #hls_key_path /tmp/keys;
        hls_key_url https://myserver.com/keys/;
        hls_fragments_per_key 10;

    }
}

 


版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
+ 订阅

云安全开发者的大本营

其他文章