Apache X-sendfile with permissions checking

Author:: h0axify
Posted:: March 31, 2012
Language:: Python
Version:: 1.3
Score:: 0 (after 0 ratings)

Download
Raw

This allows the mod_xsendfile module for Apache safely serving private files. Django take cake about processing and permissions checking, Apache server requested files.

Installation of mod_xsendfile:

$ tar -xzvf mod_xsendfile-0.12.tar.gz $ /usr/sbin/apxs -c mod_xsendfile-0.12/mod_xsendfile.c $ ld -Bshareable -o mod_xsendfile-0.12/mod_xsendfile.so mod_xsendfile-0.12/mod_xsendfile.o

Copy mod_xsendfile.so to your local Apache modules folder. Modify httpd.conf to load an enable the module:

LoadModule xsendfile_module modules/mod_xsendfile.so

Add to virtual host container: <Virtual ...:80> XSendFile On XSendFilePath /home/django_projects/mysite/media/ </Virtual>

Add to urls.py:
urlpatterns += patterns('',
    url(r'^media\/(?P<path>.*)$', 'views.media_xsendfile', {
        'document_root': settings.MEDIA_ROOT,
    }),
)


Add to views.py:
from django.conf import settings
from django.http import HttpResponse
from django.contrib.admin.views.decorators import staff_member_required

@staff_member_required
def media_xsendfile(request, path, document_root):
    response = HttpResponse()
    response['Content-Type'] = ''
    response['X-Sendfile'] = (os.path.join(settings.MEDIA_ROOT, path)).encode('utf-8')
    return response

Comments

btimby (on April 3, 2012):

Along with UTF-8 encoding, you should use URL encoding.

https://github.com/nmaier/mod_xsendfile/commit/0efcd03ac196930da6b139b77972c0d430e0225c

This way any non-ASCII chars can be safely sent via the HTTP header (which must be 7 bit values).

response['X-Sendfile'] = urllib.quote(os.path.join(settings.MEDIA_ROOT, path).encode('utf-8'))

MechanisM (on April 4, 2012):

Same for nginx but: X-Accel-Redirect instead of X-Sendfile

Please login first before commenting.

Apache X-sendfile with permissions checking

More like this

Comments