search
HomeBackend DevelopmentPython TutorialPython's Flask framework and Nginx implement static file access restriction functions

Nginx configuration

Ngnix, a high-performance web server, is undoubtedly the darling of the moment. Excellent performance, flexible and scalable, conquering cities and conquering the world in the server field.

Static files are an integral part of most websites. Using Nginx to process static files is also a common way. However, some static files we do not expose to any user under any circumstances. For example, some files provided for users to download, some pictures uploaded by users that involve user privacy, etc. We want users to be able to access it when they are logged in, but not visible to users who are not logged in.

For rough processing, the back-end program can perform filtering. When rendering the page, the user login is verified in the view logic, and then the corresponding page is returned. For example, the following flask code (pseudocode)

@app.router('/user/idcard'):
def user_idcard_page():
 if user is login:
  return '<img  src="/static/imghwm/default1.png"  data-src="http://files.jb51.net/upload/user/xxx.png' alt="Python's Flask framework and Nginx implement static file access restriction functions" >"  class="lazy">"
 else:
  reutrn '<p>Pemission Denied<p>', 403

But there is another problem with this kind of processing. Static files are processed by nginx. If the hacker finds the absolute address of the file, directly visit http://www.example.com/upload/user/xxx.png It's also possible. It just so happens that these files involve user privacy, such as ID photos uploaded by users. Then the coders don't want the media to report the next day that the well-known website XXX has a vulnerability and that Hacker obtained the user's ID card and other information.

In order to achieve such restrictions, you can use a small function of Nginx----XSendfile. The principle is also relatively simple, probably using request redirection.

We know that if you use Nginx as a reverse proxy for the server front-end, when a request comes in, nginx will catch it first, and then forward it to the back-end program for processing according to the rules, or directly process and return. The former handles some dynamic logic, while the latter mostly handles static files. Therefore, in the above example, if the absolute address of the static file is directly accessed, Nginx will return it directly without calling the user_idcard_page of the backend for logical restrictions.

In order to solve this problem, the XSendfile function provided by nginx simply uses the internal directive. This instruction indicates that only internal requests, that is, requests forwarded by the backend, will be accepted. In the back-end view logic, the X-Accel-Redirect header information needs to be explicitly written.

The pseudo code is as follows:

location /upload/(.*) {
  alias /vagrant/;
  internal;
}

@app.router('upload/<filename>')
@login_required
def upload_file(filename):
 response = make_response()
 response['Content-Type'] = 'application/png'
 response['X-Accel-Redirect'] = '/vagrant/upload/%s' % filename
 return response

After such processing, static resources can be redirected. This kind of usage is relatively common, and many download servers can use this method to handle downloads based on user permissions.

Flask

Flask is my favorite web framework. Flask even implements a sendfile method, which is simpler than the above method. I used Vagrant to make a virtual machine and used Flask to achieve the above requirements. The specific code is as follows:

Project Structure

project struct

project
 app.py
 templates
 static
 0.jpeg
 upload
 0.jpeg

nginx configuration nginx conf

web.conf

server {
  listen 80 default_server;

  # server_name localhost;
  server_name 192.168.33.10;
  location / {
    proxy_pass http://127.0.0.1:8888;
    proxy_redirect off;
    proxy_set_header Host $host:8888;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  # 正常的静态文件
  location /static/(.*) {
    root /vagrant/;

  }
  # 用户上传的文件,需要做权限限制
  location /upload/(.*) {
    alias /vagrant/;
    internal;    # 只接受内部请求的指令
  }
}

Flask code

app.py

from functools import wraps
from flask import Flask, render_template, redirect, url_for, session, send_file

app = Flask(__name__)

app.config['SECRET_KEY'] = 'you never guess'

def login_required(f):
 @wraps(f)
 def decorated_function(*args, **kwargs):
  if not session.get('login'):
   return redirect(url_for('login', next=request.url))
  return f(*args, **kwargs)
 return decorated_function

@app.route('/')
def index():
 return 'index'


@app.route('/user')
@login_required
def user():

 return render_template('upload.html')

# 用户上传的文件视图处理,在此处返回请求给nginx
@app.route('/upload/<filename>')
@login_required
def upload(filename):

 return send_file('upload/{}'.format(filename))


@app.route('/login')
def login():
 session['login'] = True
 return 'log in'

@app.route('/logout')
def logout():
 session['login'] = False
 return 'log out'


if __name__ == '__main__':
 app.run(debug=True)

Simple deployment

gunicorn -w4 -b0.0.0.0:8888 app:app --access-logfile access.log --error-logfile error.log

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
How do you append elements to a Python array?How do you append elements to a Python array?Apr 30, 2025 am 12:19 AM

InPython,youappendelementstoalistusingtheappend()method.1)Useappend()forsingleelements:my_list.append(4).2)Useextend()or =formultipleelements:my_list.extend(another_list)ormy_list =[4,5,6].3)Useinsert()forspecificpositions:my_list.insert(1,5).Beaware

How do you debug shebang-related issues?How do you debug shebang-related issues?Apr 30, 2025 am 12:17 AM

The methods to debug the shebang problem include: 1. Check the shebang line to make sure it is the first line of the script and there are no prefixed spaces; 2. Verify whether the interpreter path is correct; 3. Call the interpreter directly to run the script to isolate the shebang problem; 4. Use strace or trusts to track the system calls; 5. Check the impact of environment variables on shebang.

How do you remove elements from a Python array?How do you remove elements from a Python array?Apr 30, 2025 am 12:16 AM

Pythonlistscanbemanipulatedusingseveralmethodstoremoveelements:1)Theremove()methodremovesthefirstoccurrenceofaspecifiedvalue.2)Thepop()methodremovesandreturnsanelementatagivenindex.3)Thedelstatementcanremoveanitemorslicebyindex.4)Listcomprehensionscr

What data types can be stored in a Python list?What data types can be stored in a Python list?Apr 30, 2025 am 12:07 AM

Pythonlistscanstoreanydatatype,includingintegers,strings,floats,booleans,otherlists,anddictionaries.Thisversatilityallowsformixed-typelists,whichcanbemanagedeffectivelyusingtypechecks,typehints,andspecializedlibrarieslikenumpyforperformance.Documenti

What are some common operations that can be performed on Python lists?What are some common operations that can be performed on Python lists?Apr 30, 2025 am 12:01 AM

Pythonlistssupportnumerousoperations:1)Addingelementswithappend(),extend(),andinsert().2)Removingitemsusingremove(),pop(),andclear().3)Accessingandmodifyingwithindexingandslicing.4)Searchingandsortingwithindex(),sort(),andreverse().5)Advancedoperatio

How do you create multi-dimensional arrays using NumPy?How do you create multi-dimensional arrays using NumPy?Apr 29, 2025 am 12:27 AM

Create multi-dimensional arrays with NumPy can be achieved through the following steps: 1) Use the numpy.array() function to create an array, such as np.array([[1,2,3],[4,5,6]]) to create a 2D array; 2) Use np.zeros(), np.ones(), np.random.random() and other functions to create an array filled with specific values; 3) Understand the shape and size properties of the array to ensure that the length of the sub-array is consistent and avoid errors; 4) Use the np.reshape() function to change the shape of the array; 5) Pay attention to memory usage to ensure that the code is clear and efficient.

Explain the concept of 'broadcasting' in NumPy arrays.Explain the concept of 'broadcasting' in NumPy arrays.Apr 29, 2025 am 12:23 AM

BroadcastinginNumPyisamethodtoperformoperationsonarraysofdifferentshapesbyautomaticallyaligningthem.Itsimplifiescode,enhancesreadability,andboostsperformance.Here'showitworks:1)Smallerarraysarepaddedwithonestomatchdimensions.2)Compatibledimensionsare

Explain how to choose between lists, array.array, and NumPy arrays for data storage.Explain how to choose between lists, array.array, and NumPy arrays for data storage.Apr 29, 2025 am 12:20 AM

ForPythondatastorage,chooselistsforflexibilitywithmixeddatatypes,array.arrayformemory-efficienthomogeneousnumericaldata,andNumPyarraysforadvancednumericalcomputing.Listsareversatilebutlessefficientforlargenumericaldatasets;array.arrayoffersamiddlegro

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function