Shulou(Shulou.com)05/31 Report--

Today, I would like to share with you the relevant knowledge points about how to implement remote authentication configuration of CDN domain name of CVM based on Python. The content is detailed and the logic is clear. I believe most people still know too much about this, so share this article for your reference. I hope you can learn something after reading this article. Let's take a look at it.

Actual combat scene

In the actual combat of the project, you will encounter a specific OPS scenario to restrict CDN access. The general method is to enable referer hotlink protection, open IP blacklist and whitelist, and open UA blacklist and whitelist.

Achieve your goals:

Request CDN resources to call our authentication server

The authentication server acquires the request information and saves it to the log

Authentication success and failure are returned respectively

Enable remote authentication

After opening "switch" on the remote authentication page, the following configuration interface appears. The relevant details are described as follows:

Authentication server address: our own server, the address can be accessed, can be a domain name or IP address

Request method: supports three GET,POST,HEAD requests

Authentication file types: multiple file types are separated by |, for example, mp4 | flv

Reserved parameter setting: controls the parameters that need to be authenticated in the user's request URL, separated by |

Custom parameters: you can customize parameters. You can use variables preset on the CDN console. Multiple parameters are separated by |, for example, token=$arg_token | vendor=ali_cdn.

Retain the request header setting: control the parameters that need to be authenticated in the user request header. You can retain all the parameters or the specified parameters.

Add custom parameters: add custom parameters to the request header

Authentication status code: success 200, failure 403

Authentication timeout: unit is millisecond. The maximum duration can be set to 3000.

Refer to the above instructions to complete the configuration, and get the following interface. In this case, only files of m3u8 type are limited. Later, we will modify them according to the actual situation.

After the configuration is enabled, the static resource is accessed again, and 403 Forbidden will appear.

It should be noted here that since the m3u8 file is being tested, access to the file will be automatically downloaded if it is not prohibited.

Permission verification on Python side

The following code is written based on Flask and mainly saves the POST request data and Header request headers to a file. Log file, we use the logging module to write to the new.log file.

# Import Flask class from flask import Flaskfrom flask import requestfrom flask import render_templateimport loggingimport requestsimport timeimport randomimport base64logging.basicConfig (level=logging.DEBUG, filename='./new.log', filemode='a', format='% (asctime) s -% (pathname) s [line:% (lineno) d] -% (levelname) s:% (message) s') # instantiate Can be regarded as fixed format app = Flask (_ _ name__) @ app.route ('/ auth', methods= ['GET',' POST') 'HEAD']) def auth (): if request.method =' GET': args = request.args return "hello" if request.method = 'HEAD': print ("HEAD request") arges = request.form print ("parameter") logging.info (arges) print (request) print ("request header") headers = request.headers Print (headers) logging.info (headers) print ("request data") logging.info (request.data) return "login success" If request.method = "POST": print ("POST request") arges = request.form print (request) headers = request.headers print ("parameter") logging.info (arges) print ("request header") logging.info (headers) print ("request data") logging.info (request.data) return "login success" 200 # 403if _ _ name__ ='_ main__': # app.run (host, port, debug, options) # default value: host= "127.0.0.1", port=5000, debug=False app.run (host= "0.0.0.0", port=5000)

At this point, when you visit the CDN resource again, you will automatically call back your server for authentication. After the above code request is successful, the return status code is 200, and then the CDN resource can be accessed. If 403 is returned, it is disabled.

Verification logic

Server verification can be based on referer + ua + ip. To ensure efficiency, redis cache database can be used for configuration.

The above is all the contents of the article "how to realize the remote authentication configuration of CDN domain name of CVM based on Python". Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.