Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

又拍云缩略图etag值与下载后的文件md5值不一致

0
0

在又拍云上传的文件,原文件 md5 值与响应头中的 etag 值一致,比如

$curl -I https://awen.me/uploads/IMG_4224.JPG -v

得到的 etag 值是

< Cache-Control: public, must-revalidate, max-age=1036800 Cache-Control: public, must-revalidate, max-age=1036800 < ETag: "955B00347688C48932AF1D746D196002" ETag: "955B00347688C48932AF1D746D196002" < Last-Modified: Thu, 22 Jun 2017 02:54:44 GMT Last-Modified: Thu, 22 Jun 2017 02:54:44 GMT < X-Oss-Request-Id: 594B54428881834B04B7662E X-Oss-Request-Id: 594B54428881834B04B7662E < X-Oss-Hash-Crc64ecma: 16915821891617572766 X-Oss-Hash-Crc64ecma: 16915821891617572766 < Content-Md5: lVsANHaIxIkyrx10bRlgAg== Content-Md5: lVsANHaIxIkyrx10bRlgAg== < Accept-Ranges: bytes Accept-Ranges: bytes

下载后得到的结果与原图是一样的

Downloads wget -c https://file.awen.me/blog/2017-06-22-025442.jpg!awen) --2017-06-22 16:30:51-- https://file.awen.me/blog/2017-06-22-025442.jpg!awen) Connecting to 127.0.0.1:1087... connected. Proxy request sent, awaiting response... 200 OK Length: 142041 (139K) [image/jpeg] Saving to: ‘2017-06-22-025442.jpg!awen)’ 2017-06-22-025442.jpg!awen) 100%[========================================================================================>] 138.71K --.-KB/s in 0.1s 2017-06-22 16:30:52 (1.06 MB/s) - ‘2017-06-22-025442.jpg!awen)’ saved [142041/142041] Downloads md5 2017-06-22-025442.jpg!awen) MD5 (2017-06-22-025442.jpg!awen) = 955b00347688c48932af1d746d196002

但是我们继续看下,请求缩略图

Downloads curl -I https://file.awen.me/blog/2017-06-22-025442.jpg!awen)\!500 -v * Trying 127.0.0.1... * TCP_NODELAY set * Connected to 127.0.0.1 (127.0.0.1) port 1087 (#0) * Establish HTTP proxy tunnel to file.awen.me:443 > CONNECT file.awen.me:443 HTTP/1.1 > Host: file.awen.me:443 > User-Agent: curl/7.51.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established HTTP/1.1 200 Connection established < * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: file.awen.me * Server certificate: Let's Encrypt Authority X3 * Server certificate: DST Root CA X3 > HEAD /blog/2017-06-22-025442.jpg!awen)!500 HTTP/1.1 > Host: file.awen.me > User-Agent: curl/7.51.0 > Accept: */* > < HTTP/1.1 200 OK HTTP/1.1 200 OK < Server: marco/1.4 Server: marco/1.4 < Date: Thu, 22 Jun 2017 08:32:10 GMT Date: Thu, 22 Jun 2017 08:32:10 GMT < Content-Type: image/png Content-Type: image/png < Content-Length: 175029 Content-Length: 175029 < Connection: keep-alive Connection: keep-alive < X-Source: C/200, G/200 X-Source: C/200, G/200 < Last-Modified: Thu, 22 Jun 2017 02:54:44 GMT Last-Modified: Thu, 22 Jun 2017 02:54:44 GMT < ETag: "b8beb4fa909148b01e2ba893ee569735" ETag: "b8beb4fa909148b01e2ba893ee569735" < Accept-Ranges: bytes Accept-Ranges: bytes < Expires: Tue, 04 Jul 2017 08:32:10 GMT Expires: Tue, 04 Jul 2017 08:32:10 GMT < Cache-Control: public, must-revalidate, max-age=1036800 Cache-Control: public, must-revalidate, max-age=1036800 < X-Request-Id: a95f28964d2c3e6bafbbf482f89c721b X-Request-Id: a95f28964d2c3e6bafbbf482f89c721b < Via: S.pcw-cn-hkg-167, T.89163.M.1, V.pcw-cn-hkg-163, M.pcw-cn-hkg-163 Via: S.pcw-cn-hkg-167, T.89163.M.1, V.pcw-cn-hkg-163, M.pcw-cn-hkg-163 < Strict-Transport-Security: max-age=15552000; includeSubDomains; preload Strict-Transport-Security: max-age=15552000; includeSubDomains; preload < * Curl_http_done: called premature == 0 * Connection #0 to host 127.0.0.1 left intact

etag 值是 b8beb4fa909148b01e2ba893ee569735 ,然后我们下载后看下 md5值

Downloads md5 2017-06-22-025442.jpg!awen)\!500 MD5 (2017-06-22-025442.jpg!awen)!500) = 887ea813a8397e783ff396aedecafaf7

不一致,原因是因为又拍云的缩略图是动态生成的,在动态制作的国产中增加了很多参数导致 md5值发生了变化。


Viewing all articles
Browse latest Browse all 12749