WebFaction
Community site: login faq
0
2

I'd like to restrict access to a folder of documents to only those who are currently logged into my Django website. I know that it is bad practice to serve up files directly from Django (since this should be Apache's job), so what is the best practice here?

I've read about installing mod_xsendfile and then simply having an authentication-required view that does something like this:

response = HttpResponse(mimetype='application/force-download')
response['Content-Disposition'] = 'attachment; filename=%s' % smart_str(file_name)
response['X-Sendfile'] = smart_str(path_to_file)
return response

However, I'm not positive on the steps I need to follow to install mod_xsendfile on my existing Django installation on Webfaction. (My linux skills are still a bit lacking, sadly. But I'm good at following directions!)

Any help is greatly appreciated. Thanks!

asked 13 Oct '11, 09:00

vkdev
5246
accept rate: 0%


We have a post on our old forums on how to install mod_xsendfile.

Don't forget to specify

XSendFile on
XSendFilePath /full/path/to/those/files/I/wanna/send/

in your httpd.conf file (for mod_xsendfile 0.12 and up)

If you don't want to use mod_xsendfile you could use this from Stackoverflow:

@login_required
def serve_file(request, filename):
    fullname = myapp.settings.PRIVATE_AREA+filename
    try:
        f = file(fullname, "rb")
    except Exception, e:
        return page_not_found(request, template_name='404.html')
    try:
        wrapper = FileWrapper(f)
        response = HttpResponse(wrapper, mimetype=mimetypes.guess_type(filename))
        response['Content-Length'] = os.path.getsize(fullname)
        return response
    except Exception, e:
        return page_not_found(request, template_name='500.html')
permanent link

answered 13 Oct '11, 09:26

timg ♦♦
1.3k4
accept rate: 30%

Thanks, the instructions on installing mod_xsendfile worked out great.

(14 Oct '11, 12:22) vkdev

On older (RedHat 3/4) servers, you can't use /usr/sbin/apxs as it generates incompatible .so files. Instead, build apxs from source and use it, like this:

mkdir -p ~/xsend/src
cd ~/xsend/src
wget http://apache.tradebit.com/pub//httpd/httpd-2.2.21.tar.gz
tar -xzf httpd-2.2.21.tar.gz
cd httpd-2.2.21
./configure --prefix=$HOME/xsend
make && make install

cd $HOME/xsend/src
wget --no-check-certificate https://tn123.org/mod_xsendfile/mod_xsendfile.c
$HOME/xsend/bin/apxs -c mod_xsendfile.c
ld -Bshareable -o mod_xsendfile.so mod_xsendfile.o

# replace "DJANGO" with your django application name:

# edit your httpd.conf:
  # vim $HOME/webapps/DJANGO/apache2/conf/httpd.conf
  # Add:
  #     LoadModule xsendfile_module  modules/mod_xsendfile.so
  #     XSendFile on
  #     XSendFilePath /path/to/your/protected/media

cp mod_xsendfile.so $HOME/webapps/DJANGO/apache2/modules/
$HOME/webapps/DJANGO/apache2/bin/restart

Hope that helps!

(27 Oct '11, 22:47) ryans ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×909
×225
×69
×5

question asked: 13 Oct '11, 09:00

question was seen: 7,307 times

last updated: 27 Oct '11, 22:50

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM