i am looking for the best way to manage my file uploads for a django app.
I am not completely sure if i should choose the plain Static or the Static/CGI/PHP app.
Static would probably be enough and performance wise even preferable, as i only deal with media files. But is there a way to disable the directory index/listing for the static directory?
As i couldn't find an option (no support for .htaccess) i tried the Static/CGI/PHP app.
I added the following lines to a .htaccess in my upload dir:
But this doesn't seem to be enough. The listing of all uploaded files and subfolders still shows up. Did i forget an additional step (e.g. tweaking the httpd.conf) or something obvious?
In a broader perspective i wouldn't mind to even add a further level of security and use some kind of user authentication to access the files. Has someone tried this snippet: X-Sendfile static file serve view?
Does this work with apache/nginx on webfaction?
Are there eventually other, proven ways to solve authenticated access to uploaded files that i should consider?
asked 18 Apr '11, 02:29
A 'static-only' application would give you the best performance (by far) and would also disable directory indexes. The only downside is that you can't have HTTP authentication with these types of applications.
If you do want to go with HTTP authentication, you're going to need a 'PHP/CGI/static' app. In this app your 'Options -Indexes' line in your .htaccess should have worked perfectly.
Could you point us to a directory where this isn't working? Feel free to open a support ticket if you don't want to give out this information here.
mod_xsendfile does not come with any of our Apache-based applications so this won't work out of the box. You'd need to build the mod_xsendfile module elsewhere and copy it over to your server (and hope that it works).
We have an internal ticket to add a handful of popular modules to our Apache-based applciations and I believe mod_xsendfile is on there.
answered 18 Apr '11, 02:39
David L ♦♦