I'm not aware of any solution except serving from Django if you can't install Apache plugins.
If you're really stuck with serving large files from Django I'd recommend you stream<https://docs.djangoproject.com/en/1.5/ref/request-response/#django.http.StreamingHttpResponse>the content of the file instead of loading its content in memory. But you *really *shouldn't serve large files from Django. Le mardi 24 septembre 2013 16:53:58 UTC-4, J Y a écrit : > > I am buliding a tool that needs to have the ability to allow user to > upload a file, and the file should only be accessible by the user who > uploaded it. It seems that the MEDIA_ROOT directory must be placed in the > public www directory for front end web servers Apache to serve the file, > which currently does not restrict access to any of the uploaded files. > What I am looking for is a way that I can lock it down so that if they try > to access the file directly, I would bring up a login screen and they must > authenticate before I give them access to it. > > I did some searching around, and found various solutions to the problem, > but none of them sounds like it would work for me. My requirements are: > > 1. My front-end web server must be Apache > 2. Apache setup and config cannot be changed to accommodate my site alone > (unless it's a config I can easily override in .htaccess) > 3. Users should not have to log in twice (If they authenticated against > django already, no reason to ask them to login to Apache again) > 3. Use django to serve the files as a last resort > > Here are some of the solutions I found: > > 1. Update nginx/apache config to hook into django's user's database. This > looks like it would ask the user to login again via Apache's login > mechanism, plus it doesn't look like it would work with alternative > authentication backend (I am using django-auth-ldap) > 2. Use django-sendfile, not possible because it requires installing > plugins to Apache > 3. Serve files through django. Not recommended by django, so I am loath > to try it > 4. Override the MEDIA_ROOT behavior in urls.py and implement my own file > serving behavior. This sounds not all that far off from #3. > > Are there any obvious solutions that I have over looked? Or am I stuck > having to use django to serve the files? > > Thanks for any advice, > > Jack > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
