Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:internal-redirect [2018/09/25 21:07] Jackson Zhang [Internal Redirect via LiteSpeed] |
litespeed_wiki:config:internal-redirect [2018/09/27 21:10] Jackson Zhang [Internal Redirect] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Internal Redirect ====== | ====== Internal Redirect ====== | ||
| + | Web server internal redirect via backend response header, aka X-Sendfile or X-Accel-Redirect, is a feature used by some web backend developers and popularized by Ruby on Rails. LSWS and OLS use a simple header "Location" or "X-LiteSpeed-Location" to achieve the same goal. | ||
| - | ===== Introduction ===== | + | ===== What is this internal redirect via response header? ===== |
| - | + | ||
| - | Web server internal redirect via backend response header, aka X-Sendfile or X-Accel-Redirect, is a feature used by some web backend developers and popularized by Ruby on Rails. | + | |
| - | + | ||
| - | === What is this internal redirect via response header? === | + | |
| The backend process, instead of returning a full HTTP page response back, return only a pointer to a local path. | The backend process, instead of returning a full HTTP page response back, return only a pointer to a local path. | ||
| Line 14: | Line 11: | ||
| The end user is not aware of this internal redirection and the data returns appears from the original url. | The end user is not aware of this internal redirection and the data returns appears from the original url. | ||
| + | ===== Implemente internal redirect on LiteSpeed through header "X-LiteSpeed-Location" ===== | ||
| + | To get this to work on LiteSpeed, just use a simple header "X-LiteSpeed-Location" in your php script. | ||
| + | ==== Set header "Location" in your php script ==== | ||
| + | Set "**Location**" header pointing to a URL without ''<nowiki>http://domain</nowiki>'', just the URL without the hostname part. Do not set a "**Status**" header in response. Make sure no "Status" header is returned. PHP always adds "**Status**" header automatically when a "**Location**" header was set. | ||
| + | <?php | ||
| + | header('Location: /php-icon.png'); | ||
| + | ?> | ||
| - | + | ==== Set header "X-LiteSpeed-Location" in your php script ==== | |
| - | + | Add a special header "**X-LiteSpeed-Location**" starting from LSWS 3.0.2 to address this, just use it in the same way as a "**Location**" header. For example, just put a line like below to the php script: | |
| - | ===== Internal Redirect via LiteSpeed ===== | + | |
| - | + | ||
| - | To get this to work on LiteSpeed, just use a simple header "X-LiteSpeed-Location". | + | |
| - | + | ||
| - | === Details === | + | |
| - | + | ||
| - | In the return response, follow the directions below: | + | |
| - | + | ||
| - | - Return a normal "**Location**" header without ''<nowiki>http://domain</nowiki>'', just the URL without the hostname part. Do not set a "**Status**" header in response. Make sure no "Status" header is returned. PHP always adds "**Status**" header automatically when a "**Location**" header was set. | + | |
| - | - Add a special header "**X-LiteSpeed-Location**" starting from LSWS 3.0.2 to address this, just use it in the same way as a "**Location**" header. For example, just put a line like below to the php script: | + | |
| header('X-LiteSpeed-Location: /path/to/file_to_be_redirected'); | header('X-LiteSpeed-Location: /path/to/file_to_be_redirected'); | ||
| Line 46: | Line 40: | ||
| It will return the php-icon.png image. | It will return the php-icon.png image. | ||
| - | === Ruby-on-Rails=== | + | ==== How to download file instead of showing in browser? ==== |
| - | + | If you want to download file instead of showing in browser, you can add extra header "Content-Disposition" like the following: | |
| - | A short example on how to use Internal Redirect for sending files within a RoR Controller. Below is a sendfile function that can be attached to any action. | + | |
| - | + | ||
| - | def sendfile | + | |
| - | @name = session[:filename] # a session variable set in a view or other function | + | |
| - | filename = "public/download/" + @name # create the URI, must be under /public | + | |
| - | headers["Location"] = filename # set the 'Location header | + | |
| - | redirect_to(filename) # redirect | + | |
| - | end | + | |
| + | <?php | ||
| + | header('Content-Disposition: attachment; filename = php-icon.png'); | ||
| + | header('X-LiteSpeed-Location: /img/php-icon.png'); | ||
| + | ?> | ||
| + | then run http://yourdomain.com/test.php will download php-icon.png instead of showing in browser. | ||
| - | === Security Consideration === | + | ==== LiteSpeed uses a "URL" instead of "file path" ==== |
| Unlike X-Sendfile or X-Accel-Redirect implementation in other web servers, LiteSpeed uses a URL instead of file path for security reasons. In this way, only file under document root of a virtual host or a Context can be returned, otherwise, it could be a huge security issue if for some reason, either tricked or intentionally, the script sent back a header "X-Sendfile: /../etc/./passwd%00" or something like that, user accounts on your server is no longer a secret. 8-) | Unlike X-Sendfile or X-Accel-Redirect implementation in other web servers, LiteSpeed uses a URL instead of file path for security reasons. In this way, only file under document root of a virtual host or a Context can be returned, otherwise, it could be a huge security issue if for some reason, either tricked or intentionally, the script sent back a header "X-Sendfile: /../etc/./passwd%00" or something like that, user accounts on your server is no longer a secret. 8-) | ||
| - | === Protecting file from direct access === | + | ==== Protecting file from direct access ==== |
| If you want to prevent user from access the file directly, just use a hard to guess URL like "/you_never_know/where_file_is_stored/...", or you can use a rewrite rule (in httpd.conf) to deny direct access to the directory holding the files, something like | If you want to prevent user from access the file directly, just use a hard to guess URL like "/you_never_know/where_file_is_stored/...", or you can use a rewrite rule (in httpd.conf) to deny direct access to the directory holding the files, something like | ||
| Line 77: | Line 68: | ||
| Another advantage of our internal redirect implementation is that it does not limited to sending static files, it can be used to pass the request to another script for further processing. :-) | Another advantage of our internal redirect implementation is that it does not limited to sending static files, it can be used to pass the request to another script for further processing. :-) | ||
| + | |||
| + | ===== Ruby-on-Rails===== | ||
| + | |||
| + | A short example on how to use Internal Redirect for sending files within a RoR Controller. Below is a sendfile function that can be attached to any action. | ||
| + | |||
| + | def sendfile | ||
| + | @name = session[:filename] # a session variable set in a view or other function | ||
| + | filename = "public/download/" + @name # create the URI, must be under /public | ||
| + | headers["Location"] = filename # set the 'Location header | ||
| + | redirect_to(filename) # redirect | ||
| + | end | ||