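Forums (BBS) and websites often restrict content with rules such as "only you have permission to see this page" or "only certain users may download this resource". A few days ago I looked into how to implement this kind of file access control on an Nginx server, and used X-Sendfile to do it.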
One, what is X-Sendfile?
X-Sendfile is a mechanism for handing a file download request from the back-end application over to the front-end web server. The back-end program no longer has to both read the file and send it, which significantly improves server efficiency, especially for large file downloads.
X-Sendfile is implemented through a specific HTTP header: the back end specifies the address of a file in the X-Sendfile header to notify the front-end web server. When the web server detects this header in the back end's response, it ignores the rest of the back end's output and sends the file to the user with its own components, including optimizations such as cache headers and resumable downloads.
However, before using X-Sendfile, we must understand that it is not a standard feature, and most web servers disable it by default. Implementations differ between web servers, including the format of the X-Sendfile header. If it is configured improperly, the user may receive a 0-byte file.
X-Sendfile can serve files from directories outside the web root, such as /root/, and can serve files even when .htaccess protection blocks direct access to them.
Different web servers implement different HTTP headers:

| Sendfile header | Web servers that use it |
|---|---|
| X-Sendfile | Apache, Lighttpd v1.5, Cherokee |
| X-LIGHTTPD-send-file | Lighttpd v1.4 |
| X-Accel-Redirect | Nginx, Cherokee |
The disadvantage of using X-Sendfile is that you lose control of the file transfer itself. For example, if you want to do something after the file has been downloaded, such as allowing the user to download the file only once, X-Sendfile cannot do it, because the back-end PHP script does not know whether the download succeeded.
Two, how to use it with Nginx.
Nginx supports this feature by default and does not require any additional modules to be loaded. The implementation differs slightly: the HTTP header you need to send is X-Accel-Redirect. In addition, you need to make the following settings in the configuration file:
    location /game/ {
        internal;
        alias /data/app/php/open.game.liebao.cn/default/game/;  # files can be placed in a different directory
        error_page 404 =200 @backend;  # if a 404 occurs, forward to the backend server
    }
    location @backend {
        # proxy_pass http://test.open.game.cn;  # can send requests for this directory to other machines when the client initiates the request
        rewrite ^/game/(.*)$ /read_file.php?fn=$1 last;  # when the client initiates the request, the rewrite jumps to the backend program
    }
The internal directive means this path can only be reached from inside Nginx and cannot be requested directly from the browser, which prevents unauthorized downloads.
Three, how to use it from the PHP program.

    <?php
    $pay = 2;
    $path = $_GET["fn"]; // gets the URL parameter that the user accessed
    if ($pay > 1) // a paying user gets the X-Accel-Redirect header and can access the file; otherwise it is inaccessible
    {
        header("Content-Type: application/octet-stream"); // used for file downloads
        header("X-Accel-Redirect: /game/" . $path);
    }
    ?>

When the X-Accel-Redirect header is added, the user downloads the file under the /game/ path. Our file permission control is now implemented.
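
A hardened variant of read_file.php, as an added example that is not the original author's code: it checks entitlement, confirms the requested name resolves to a regular file inside the aliased directory, and only then emits X-Accel-Redirect. The `user_has_paid()` helper, the `paid` session flag and the constant names are assumptions; the storage path and the /game/ prefix are taken from the Nginx configuration above.

```php
<?php
// Added example. STORAGE_ROOT mirrors the alias directory in the nginx config
// above; user_has_paid() and the session flag are assumptions.
const STORAGE_ROOT = '/data/app/php/open.game.liebao.cn/default/game';
const INTERNAL_PREFIX = '/game/';

function user_has_paid(): bool
{
    // Assumption: the purchase flow sets this session flag.
    return ($_SESSION['paid'] ?? false) === true;
}

// Returns the path relative to STORAGE_ROOT when $fn names a regular file
// inside it; null for traversal, symlink escapes and missing files.
function resolve_download(string $fn): ?string
{
    if ($fn === '' || strpos($fn, "\0") !== false) {
        return null;
    }
    $root = realpath(STORAGE_ROOT);
    $real = realpath(STORAGE_ROOT . '/' . $fn);
    if ($root === false || $real === false || !is_file($real)) {
        return null;
    }
    if (strncmp($real, $root . '/', strlen($root) + 1) !== 0) {
        return null; // resolved outside the protected directory
    }
    return substr($real, strlen($root) + 1);
}

session_start();
if (!user_has_paid()) {
    http_response_code(403); // decide entitlement before revealing which files exist
    exit;
}
$fn = $_GET['fn'] ?? null;
$rel = is_string($fn) ? resolve_download($fn) : null;
if ($rel === null) {
    http_response_code(404);
    exit;
}

// nginx 1.5.9 and later expect an escaped URI in X-Accel-Redirect.
$uri = INTERNAL_PREFIX . implode('/', array_map('rawurlencode', explode('/', $rel)));
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($rel)));
header('X-Accel-Redirect: ' . $uri);
```

Because the back end never learns whether the transfer completed, any audit record or download counter has to be written at the point the header is issued, not after delivery.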