login community faq

File uploads - prevent listing, use authentication for access

0

Hey all,

i am looking for the best way to manage my file uploads for a django app.

I am not completely sure if i should choose the plain Static or the Static/CGI/PHP app.

Static would probably be enough and performance wise even preferable, as i only deal with media files. But is there a way to disable the directory index/listing for the static directory?

As i couldn't find an option (no support for .htaccess) i tried the Static/CGI/PHP app.

I added the following lines to a .htaccess in my upload dir:

1
2
3
4
5
Options -Indexes 
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

But this doesn't seem to be enough. The listing of all uploaded files and subfolders still shows up. Did i forget an additional step (e.g. tweaking the httpd.conf) or something obvious?

In a broader perspective i wouldn't mind to even add a further level of security and use some kind of user authentication to access the files. Has someone tried this snippet: X-Sendfile static file serve view?

Does this work with apache/nginx on webfaction?

Are there eventually other, proven ways to solve authenticated access to uploaded files that i should consider?

Thanks, Andreas

asked Apr 18 '11 at 02:29

andreas's gravatar image

andreas
32
One Answer:
oldestnewestmost voted
0

A 'static-only' application would give you the best performance (by far) and would also disable directory indexes. The only downside is that you can't have HTTP authentication with these types of applications.

If you do want to go with HTTP authentication, you're going to need a 'PHP/CGI/static' app. In this app your 'Options -Indexes' line in your .htaccess should have worked perfectly.

Could you point us to a directory where this isn't working? Feel free to open a support ticket if you don't want to give out this information here.

In a broader perspective i wouldn't mind to even add a further level of security and use some kind of user authentication to access the files. Has someone tried this snippet: X-Sendfile static file serve view?

Does this work with apache/nginx on webfaction?

mod_xsendfile does not come with any of our Apache-based applications so this won't work out of the box. You'd need to build the mod_xsendfile module elsewhere and copy it over to your server (and hope that it works).

We have an internal ticket to add a handful of popular modules to our Apache-based applciations and I believe mod_xsendfile is on there.

answered Apr 18 '11 at 02:39

David%20L's gravatar image

David L ♦♦
132113

Thanks for your answer. Okay, i try it again and file a ticket, if it still doesn't work. Adding mod_xsendfile would be definitely great!

(Apr 18 '11 at 03:04) andreas andreas's gravatar image
Your answer
If you have an answer to the above question, then use the form below. Otherwise, use the appropriate 'add new comment' button above to post your feedback.
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×641
×149
×90
×20
×17

Asked: Apr 18 '11 at 02:29

Seen: 1,128 times

Last updated: Apr 18 '11 at 03:04

Related questions

Large file uploads via Django

Django Static Media Error

Django app with static content under path + redirects

nginx serving static files configuration - django

How to give statics using a single application for different sites?

Serving static media (JS/CSS) in Django from a static app

Write files from Django

Installing Topincs

Serve static media from project folder in Django

Two host page setup

Plans & prices    Sign up    Why WebFaction?    Contact us    Affiliate program    Support    Legal    Jobs    Blog    Control panel login
Powered by OSQA
© Copyright 2003-2012 Swarma Limited - WebFaction is a service of Swarma Limited