7

I have an existing site with a number of documents being served staticly. Client wants to add login protection to the site - not a problem using django_auth. However, the files being served from apache are still downloadable?

Is there a way to restrict access?

Ideally, this would require the path to these docs not changing on the site.

Was thinking of removing the alias from the apache config and having that route to a view that has the @login_required decorator on it, and then forwarding on.

picus
  • 1,507
  • 2
  • 13
  • 23
  • possible duplicate of [Django - serving and managing permissions for static content](http://stackoverflow.com/questions/2707712/django-serving-and-managing-permissions-for-static-content) – Ignacio Vazquez-Abrams Apr 27 '11 at 20:05
  • possible duplicate of [Django: Serving Media Behind Custom URL](http://stackoverflow.com/questions/2687957/django-serving-media-behind-custom-url) – Wolph Apr 27 '11 at 20:11

1 Answers1

3

See Having Django serve downloadable files on how to set up Django to work with Apache X-Sendfile. You can wrap the X-Sendfile header sending with some authentication checks and you should be good to go.

Community
  • 1
  • 1
photoionized
  • 5,092
  • 20
  • 23