Prevent direct file access to server files in tornado
I'm using Python with the Tornado web server. The application works fine, but I can't find a way to prevent the user from accessing server files directly via URL. For example, I have the following files on the server:

program.py
index.html
main.html

I wanted to prevent the user from accessing the above server files directly via web URL, e.g. localhost:8080/program.py or /index.html.

I only wanted them to access localhost:8080/ or /home.

Thanks in advance.

    from ws4py.client.tornadoclient import TornadoWebSocketClient
    import tornado.httpserver  # required for tornado.httpserver.HTTPServer below
    import tornado.ioloop
    import tornado.web
    import tornado.websocket
    import tornado.template

    SETTING_CLIENT_LISTEN_PORT = 8080


    class MainHandler(tornado.web.RequestHandler):
        def get(self):
            try:
                # Templates are loaded from the project directory itself
                loader = tornado.template.Loader(".")
                self.write(loader.load("index.html").generate())
            except Exception as e:
                print("exception occured", e)


    class CWSHandler(tornado.websocket.WebSocketHandler):
        global waiters

        def open(self):
            print('###FUNCTION CWSHandler.open(self) start')

        def on_close(self):
            print('###FUNCTION CWSHandler.open(self) close')

        def on_message(self, message):
            print('###FUNCTION CWSHandler.on_message msg:', message)


    settings = {
        "cookie_secret": "bZJc2sWbQLKos6GkHn/VB9oXwQt8S0R0kRvJ5/xJ89E=",
        "login_url": "/",
    }

    application = tornado.web.Application(handlers=[
        (r'/', MainHandler),
        (r'/cws', CWSHandler),
        # Catch-all static route rooted at the project directory
        (r"/(.*)", tornado.web.StaticFileHandler,{'path':'./'})
    ], cookie_secret="bZJc2sWbQLKos6GkHn/VB9oXwQt8S0R0kRvJ5/xJ89E=")

    if __name__ == "__main__":
        server = tornado.httpserver.HTTPServer(application)
        server.listen(SETTING_CLIENT_LISTEN_PORT)
        try:
            tornado.ioloop.IOLoop.instance().start()
            server.stop()
        except KeyboardInterrupt:
            print("Keyboard interupt")
            pass
        finally:
            server.stop()
            tornado.ioloop.IOLoop.instance().stop()

The problem is with your urls, specifically:

    (r"/(.*)", tornado.web.StaticFileHandler,{'path':'./'})

You have mapped r'/(.*)' to {'path': './'}, which is your project directory. So, if a request comes in like localhost:8080/program.py, it will be matched with this - /(.*) and tornado will then look for a file named program.py in your project directory. If it finds it there, it will serve that file.

You should keep all your static files in a separate directory called static (you can name it anything you want, though) inside your project dir. Then map this directory with the desired url.

Example:

    (r"/(.*)", tornado.web.StaticFileHandler,{'path': 'static'})

Or better yet, serve that directory under a /static/ url instead of - .*.

    (r"/static/(.*)", tornado.web.StaticFileHandler,{'path': 'static'})
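
An added audit sketch, not part of the original answer and not Tornado's own code: using only the standard library, it models the two route tables discussed above and lists which files each one makes reachable by URL. The matching and file-resolution rules are a simplifying assumption, and `resolve`, `exposed_urls`, `build_sample_project` and `static/app.js` are hypothetical names.

```python
import os
import re
import tempfile

# Route tables modelled on the page: (pattern, static_root); static_root=None
# stands for a non-file handler such as MainHandler or CWSHandler.
VULNERABLE = [(r"/", None), (r"/cws", None), (r"/(.*)", ".")]
HARDENED = [(r"/", None), (r"/cws", None), (r"/static/(.*)", "static")]


def resolve(routes, project_dir, url_path):
    """Return the file a request path is served from, or None (simplified
    model, not Tornado's code: first full-path match wins; a static route
    serves the captured path only if it is a file inside its root)."""
    for pattern, static_root in routes:
        match = re.fullmatch(pattern, url_path)
        if match is None:
            continue
        if static_root is None:
            return None  # answered by application code, no file is read
        root = os.path.realpath(os.path.join(project_dir, static_root))
        target = os.path.realpath(os.path.join(root, match.group(1)))
        inside = os.path.commonpath([root, target]) == root
        return target if inside and os.path.isfile(target) else None
    return None


def exposed_urls(routes, project_dir):
    """Map each URL that serves a file to its project-relative path."""
    base, found = os.path.realpath(project_dir), {}
    for pattern, static_root in (r for r in routes if r[1] is not None):
        root = os.path.realpath(os.path.join(base, static_root))
        for dirpath, _dirs, files in os.walk(root):
            for full in (os.path.join(dirpath, name) for name in files):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                url = pattern.replace("(.*)", rel)
                if resolve(routes, base, url) == full:
                    found[url] = os.path.relpath(full, base).replace(os.sep, "/")
    return found


def build_sample_project():
    """Create a constructed layout: the question's files plus static/app.js."""
    project = tempfile.mkdtemp()
    os.mkdir(os.path.join(project, "static"))
    for rel in ("program.py", "index.html", "main.html", "static/app.js"):
        open(os.path.join(project, rel), "w").close()
    return project
```

Calling `exposed_urls(VULNERABLE, build_sample_project())` lists the source and template files alongside the static asset, while the `HARDENED` table yields only `/static/app.js`; run against a real project directory, the same call makes a quick pre-deployment check.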