On Mon, Aug 1, 2011 at 1:12 AM, Chris Seberino <cseber...@gmail.com> wrote:
> My Django app only allows someone to access a /books page, that is
> part of the Django app, if they are signed in.
>
> The pages below that URL are just static directory listings of PDFs
> all handled by Apache.
> For example /books/book_1, /books/book_2, etc.
>
> Because these directory listings aren't handled by Django, they don't
> enjoy Django's access controls. They don't even have a view since
> they are just static pages handled by Apache.
>
> Is there any way to somehow prevent access to them unless someone is
> signed into my Django app?
>
> chris
>

You can look into protecting them with mod_xsendfile for Apache (X-Accel-Redirect for nginx). Basically, you restrict access to the directory from Apache so someone cannot naively navigate to that URL/directory, then set response headers in your Django app. Apache will then read those response headers and serve the protected file.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
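
The header hand-off described in the reply above, as an added example that is not part of the original thread or of Django/mod_xsendfile. It covers serving individual files (not Apache's directory listings) and computes the status and headers a signed-in check would produce, including the path check that keeps the requested name inside the protected directory. Assumptions: `PROTECTED_ROOT`, `LOGIN_URL` and both function names are hypothetical, and Apache is configured with `XSendFile On`, an `XSendFilePath` covering that root, and direct access to the directory denied.

```python
import posixpath
from urllib.parse import quote

# Assumption: Apache denies direct requests for this directory and
# mod_xsendfile may read it (XSendFile On, XSendFilePath <this root>).
PROTECTED_ROOT = "/srv/protected/books"
LOGIN_URL = "/accounts/login/"  # assumption: the app's login page


def resolve_protected_path(requested, root=PROTECTED_ROOT):
    """Map the URL remainder after /books/ to a file path under root.

    Returns None when the result would leave root, so a request such as
    ../../etc/passwd never reaches the X-Sendfile header.
    """
    if "\x00" in requested or requested.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(root, requested))
    # Compare against root + "/" so a sibling like books_private fails.
    if not candidate.startswith(root + "/"):
        return None
    return candidate


def build_response(is_authenticated, requested):
    """Return (status, headers) for a request to /books/<requested>."""
    if not is_authenticated:
        target = quote("/books/" + requested)
        return 302, {"Location": LOGIN_URL + "?next=" + target}
    path = resolve_protected_path(requested)
    if path is None:
        return 404, {}
    # Empty body: Apache sees X-Sendfile, strips it, and streams the file.
    return 200, {"X-Sendfile": path, "Content-Type": "application/pdf"}


# Wiring inside a Django view (comment only; needs a Django project,
# and request.user.is_authenticated is the attribute form in current Django):
#   def book_file(request, requested):
#       status, headers = build_response(request.user.is_authenticated, requested)
#       response = HttpResponse(status=status)
#       for name, value in headers.items():
#           response[name] = value
#       return response
```

`posixpath.normpath` does not resolve symlinks, so the protected directory should not contain links that point outside it.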