Hey all,

i am looking for the best way to manage my file uploads for a django app.

I am not completely sure if i should choose the plain Static or the Static/CGI/PHP app.

Static would probably be enough and performance wise even preferable, as i only deal with media files. But is there a way to disable the directory index/listing for the static directory?

As i couldn't find an option (no support for .htaccess) i tried the Static/CGI/PHP app.

I added the following lines to a .htaccess in my upload dir:

Options -Indexes 
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

But this doesn't seem to be enough. The listing of all uploaded files and subfolders still shows up. Did i forget an additional step (e.g. tweaking the httpd.conf) or something obvious?


In a broader perspective i wouldn't mind to even add a further level of security and use some kind of user authentication to access the files. Has someone tried this snippet: X-Sendfile static file serve view?

Does this work with apache/nginx on webfaction?

Are there eventually other, proven ways to solve authenticated access to uploaded files that i should consider?

Thanks, Andreas

asked 18 Apr '11, 02:29

andreas's gravatar image

andreas
32
accept rate: 0%


A 'static-only' application would give you the best performance (by far) and would also disable directory indexes. The only downside is that you can't have HTTP authentication with these types of applications.

If you do want to go with HTTP authentication, you're going to need a 'PHP/CGI/static' app. In this app your 'Options -Indexes' line in your .htaccess should have worked perfectly.

Could you point us to a directory where this isn't working? Feel free to open a support ticket if you don't want to give out this information here.

In a broader perspective i wouldn't mind to even add a further level of security and use some kind of user authentication to access the files. Has someone tried this snippet: X-Sendfile static file serve view?

Does this work with apache/nginx on webfaction?

mod_xsendfile does not come with any of our Apache-based applications so this won't work out of the box. You'd need to build the mod_xsendfile module elsewhere and copy it over to your server (and hope that it works).

We have an internal ticket to add a handful of popular modules to our Apache-based applciations and I believe mod_xsendfile is on there.

link

answered 18 Apr '11, 02:39

David%20L's gravatar image

David L ♦♦
1.4k13
accept rate: 44%

Thanks for your answer. Okay, i try it again and file a ticket, if it still doesn't work. Adding mod_xsendfile would be definitely great!

(18 Apr '11, 03:04) andreas andreas's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×742
×170
×109
×22
×19

Asked: 18 Apr '11, 02:29

Seen: 1,593 times

Last updated: 18 Apr '11, 03:04

Plans & prices    Sign up    Why WebFaction?    Contact us    Affiliate program    Support    Legal    Jobs    Blog    Control panel login
Powered by OSQA
© Copyright 2003-2012 Swarma Limited - WebFaction is a service of Swarma Limited