Current time: 04-23-2014, 08:50 PM Hello There, Guest! (LoginRegister)

Post Reply 
Django, Access control, Static content
03-09-2011, 04:35 AM
Post: #21
RE: Django, Access control, Static content
Hi!
have a directory inside media-root that should be available only to registered users:
/mysite.com/public/media/restricted/

So we put inside it a file .htaccess with:
Deny from all
XSendFile on
XSendFileAllowAbove on

And map the url r'^media/restricted/(?P<subpath>.*)$' in urls.py

But something is missing?


If I do a request to a existing file, it will be denied by apache and the django view will not be called:
http://mysite.com/media/restricted/existingfile
"client denied by server configuration" (in error.log)


http://mysite.com/media/restricted/nonexistingfile
Only requests for non existing files will be processed by django...
Find all posts by this user
Quote this message in a reply
03-09-2011, 11:18 AM
Post: #22
RE: Django, Access control, Static content
mod_xsendfile doesn't control access to existing files, per se — it allows you to output a X-Sendfile header to specify an file to pull the response body from. It's generally easiest to get this to work by putting the file you're trying to control access to somewhere completely outside the document root, and having the Django view output a X-Sendfile header if appropriate, containing the path to the "real" file.
Find all posts by this user
Quote this message in a reply
07-02-2011, 01:59 AM
Post: #23
RE: Django, Access control, Static content
i think you guys are missing andrewf's point (or maybe I am as I don't use Django, but most frameworks are similar). you don't need mod_xsendfile. you use Django to control access to the files which are stored outside of the document root...
Find all posts by this user
Quote this message in a reply
08-19-2011, 02:25 PM
Post: #24
RE: Django, Access control, Static content
Hello. I had xsendfile working with django since march, but today it stopped working, and I've been unable to solve it. I can't see any problems in access.log nor error.log. Is there a way to get debug info from mod_xsendfile so I can see what is going wrong? The problem I'm seeing is that my downloaded files are now 0 bytes in length, which is the same thing that would happen if you give xsendfile a bogus file location. Was mod_xsendfile or anything else recently upgraded? Here's the django code:

// after some scrubbing of file_name:

f = open('/home/jeffhoye/account.neptunelive.com/public/media/protected/%s' % file_name)
file = File(f)

response = HttpResponse(mimetype='application/force-download')
response['X-Sendfile'] = 'media/protected/%s' % file_name
response['Content-Length'] = file.size
response['Content-Disposition'] = 'attachment; filename="%s"' % file_name

return response

I logged the file.size, and it is as expected, I also tried using the full path in the 'X-Sendfile' argument. Neither work. As far as I can tell this stopped working in the last week.

I'm on server obelix.

If you can log in and see what's going on with strace or something, the link to test the problem is:
http://account.neptunelive.com/game/jeff...monkey.txt

It should return a short text file, but it's 0 bytes.

Thanks!
-Jeff
Find all posts by this user
Quote this message in a reply
08-19-2011, 03:38 PM
Post: #25
RE: Django, Access control, Static content
Related: http://www.dreamhoststatus.com/2011/08/1...by-update/

Should be back up in a bit. We inadvertently ended up upgrading to a version of mod_xsendfile which didn't support the same configuration directives as the previous version.
Find all posts by this user
Quote this message in a reply
08-31-2011, 06:54 PM
Post: #26
RE: Django, Access control, Static content
(08-19-2011 03:38 PM)andrewf Wrote:  Related: http://www.dreamhoststatus.com/2011/08/1...by-update/

Should be back up in a bit. We inadvertently ended up upgrading to a version of mod_xsendfile which didn't support the same configuration directives as the previous version.

I hate to be "that guy" and revive an old thread, but I am new to Dreamhost and was wondering if it is still necessary to individually request mod_xsendfile to be enabled on our site? If so, can I get it added on thejoecole.com?

If not, then I am having problems and will be asking for more help!
Find all posts by this user
Quote this message in a reply
12-09-2011, 04:53 PM
Post: #27
RE: Django, Access control, Static content
We now have a process in place to allow Support staff to enable mod_xsendfile on a domain-by-domain basis.

I am no longer handling requests for mod_xsendfile through this forum.
Please contact DreamHost Support to enable this module for your domains.


If you have any questions about mod_xsendfile, though, feel free to ask them here.
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: