Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

1、问题

  • 直接放在WEB目录下,文件不安全,没有认证可以直接访问;
  • PHP认证通过后返回WEB目录下的真实文件地址,不安全,访问一次后后续可以直接访问;
  • 用PHP读MP4文件然后再输出:加载速度、内存占用、快进快退都会有问题;

2、解决思路:

  • 采用php认证后nginx播放
  • 转hls后加密播放

3、PHP认证后nginx播放

在nginx中配置:

    # 这里使用internal做下载防护,只允许内部程序(PHP等)访问,这样外部直接访问这个地址就会提示404错误
    location ~ \.mp4$ {
        internal;
       # 这里的路径配置是可选的,可以配置到网站外部,和其他location里的配置路径是一个意思,可以更好的防止文件被通过网址下载
        root /opt/video; 
    }

 

在PHP中在认证通过后,写:

header('X-Accel-Redirect:/20220822/06.mp4')

 

将带认证的php文件作为video标签的src,就能播放服务器上:/opt/video/20220822/06. mp4 文件。

 

存在的问题及解决方法:

nginx这种写法可能导致所有的mp4请求都走/opt/video,如果之前有已经存放在web目录下直接访问的mp4文件,需要兼容已有程序,这么做:

    location /28dfs238deswh9HJGAS38/  {
        internal;
        alias /opt/video; 
    }

php里这么写:

header('X-Accel-Redirect:/28dfs238deswh9HJGAS38/20220822/06.mp4')

 

 

4、转hls后的加密播放(未完待续)

 

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...