I started to play with xsendfile more. I noticed the mod_xsendfile floating around tried to basically replace what the default handler does very well.
Basically, my version does a subrequest for the file. This allows things like "Deny from all", etc, to work. This should be more secure, ie, if you set your deny's correctly, you can't "X-Sendfile: /etc/passwd". All in all, it seems more "httpd"-like, to me. It is very rough. I do not understand brigades enough to know why it is chunking every reply in my tests. I have tested with just a normal cgi setting the header. Not well tested. I'd like to see us work toward getting X-sendfile into the normal httpd distribution (along with mod_fcgid...) -- Brian Akins Chief Operations Engineer Turner Digital Media Technologies
mod_xsendfile.c
Description: Binary data