# in your nginx.conf put something like this ''' location /protected { internal; # only the apache instance can access this url directly alias /protected/files/path/; } ''' # put something like this in your views.py and give it an entry in the urls.py # no point in letting unauthenticated users into the view # but this depends on your requirements @login_required def nginx_accel(request,id): ''' default django view, where id is an argument that identifies the ressource to be protected ''' allowed = False pFile = get_object_or_404(ProtectedFile,pk=id) # do your permission things here, and set allowed to True if applicable if allowed: response = HttpResponse() url = '/protected/protected.file' # this will obviously be different for every ressource # let nginx determine the correct content type response['Content-Type']="" response['X-Accel-Redirect'] = url return response return HttpResponseForbidden()