Django, Access control, Static content

software development


I’m using Django. I have some static files that should only be served to users who are logged in. There seem to be a lot of ways to skin this cat, but I haven’t found any available on the shared server.

  • I’ve done this using mod_python / PythonAccessHandler in another (non-DreamHost) project. Sadly, mod_python is only available on a private server

  • I tried to use WSGIAuthUserScript, but the htaccess directive: “AuthBasicProvider wsgi” causes an error:
    Unknown Authn provider: wsgi

  • I haven’t found any example of how to use FastCgiAccessChecker with python.

  • I thought about using a hack to add my Django users to a password file or database. But then they would have to log in again to get the files under AuthType Basic, Digest or DB. I want a single sign-on.

  • Django can serve static content, but claims to be insecure. Any idea how insecure? I don’t really know how to make it only serve static content to authenticated users.

Any ideas?




Cool! However, I couldn’t find anything online to indicate that mod_xsendfile is installed on DreamHost shared servers. Also I tried these directives in .htaccess:

Deny from all
XSendFile on
XSendFileAllowAbove on

and got the following error:

.htaccess: Invalid command ‘XSendFile’, perhaps misspelled or defined by a module not included in the server configuration

Do I need to do anything to enable mod_xsendfile?



My mistake — I thought mod_xsendfile was enabled on shared servers. Turns out it isn’t… yet. But I’ll get that changed early next week.


Awesome. Looking forward to it!

The first comment on this page seems to indicated that mod_wsgi 3.0 can already do this:

I’ve playing with it a bit, but I’ve not been able to get it to work.



mod_wsgi isn’t currently available on DreamHost. It’s been suggested; however, I’m not certain how well it’d work in a shared environment, as a lot of the configuration directives don’t work in .htaccess files.


Hello, are you still planning on installing mod_xsendfile?


I’ve been busy with other projects, but don’t worry — it’s still on the roadmap.


cheers Andrew, just adding a +1 request for this feature, it would really help us out!


Another +1. Mod_XSendFile would be an awesome module to have!


Another +1. I will be ecstatic when you get this in!


Another +1 here for mod_xsendfile!


Hi all, discovered this forum blog while researching x-sendfile. You may already be aware, but Dreamhost have a voting system where customers can suggest and vote for new features, and installing the x-sendfile mod is currently up for votes:

I’m hoping to get some support, if we all vote at once we can perhaps speed up the process!



Voting on that suggestion won’t actually make it happen any faster at this point — I’m already working on getting the Apache module installed everywhere so that we can turn it on.


Thanks Andrew, it’s going to be a really big help for me. I’m serving secured files painfully through a php chunker, it dies half the time cos it takes so long :frowning:

Awesome to know you’re workin’ on it… I only suggested the voting out of desperation :slight_smile:


Hey Andrew, just wondering how we’ll know when this gets done? I’m holding off my next product release until I can offer downloads via x-sendfile, so I’ll be keen to know as soon as something happens! Any news would be greatly appreciated




We’re still trying to get the module installed everywhere before we start enabling it, as enabling the module on a machine that doesn’t have it installed makes the web server fail to start up — yikes! I’ve installed and enabled it for you specifically, though, dylandylan, so you should be able to move forward with your development. Anyone else who wants it expedited for them can make a request here as well. :slight_smile:



please can you install for my website:

hosted on:

the X-Sendfile module or everything else equivalent to stream large file (plus than 200MB) without having timeouts/memory errors and cutted file on receiver side?
My website is very very useless without it… it’s a website that ONLY send files to users, notnng else, and it the files are cutted… it’s useless :frowning:

If you need some extra data, please ask :slight_smile:

Thank you so much

Please give me an ACK when ready…


Installed. However, your site would really be best served by cutting PHP out of the equation entirely and serving the MP3 files directly via Apache.


Andrew could you also install mod_xsendfile for hosted on cancer.dreamhost?

Much appreciated! So glad I stumbled on this thread.