I need to create a site which has downloadable files in a library. The site will be accessed via username/password login done in the Rails app. However, I need the actual downloadable files to be protected as well. I''ll be running the rails app on a mongrel cluster. I''ve looked at using lighttpd as the web/proxy server and the mod_secdownload module which looks nice. However, I''d rather *not* use lighttpd is possible. Ideally, I''d like to use Apache or nginx as the web/proxy server but the lack a similar mod_secdownload module. Does anybody have any recommendation on how to achieve protected downloads without lighttpd or reverting to long random URLs (which is not that secure). Thanks, ~ Mark -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
You can use X-Sendfile with Apache to do this. The apache module is here: http://tn123.ath.cx/mod_xsendfile/ There''s a plugin to handle the Rails side at http://john.guen.in/rdoc/x_send_file/ With this approach, your Rails app handles the authentication, and then Apache sends the file when Rails has said it is ok to do so. Michael Slater www.BuildingWebApps.com On Feb 5, 1:07 pm, Mark Dodwell <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> I need to create a site which has downloadable files in a library. The > site will be accessed via username/password login done in the Rails app. > However, I need the actual downloadable files to be protected as well. > > I''ll be running the rails app on a mongrel cluster. > > I''ve looked at using lighttpd as the web/proxy server and the > mod_secdownload module which looks nice. However, I''d rather *not* use > lighttpd is possible. > > Ideally, I''d like to use Apache or nginx as the web/proxy server but the > lack a similar mod_secdownload module. > > Does anybody have any recommendation on how to achieve protected > downloads without lighttpd or reverting to long random URLs (which is > not that secure). > > Thanks, > > ~ Mark > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Many thanks Michael. I ended up using nginx''s ''X-Accel-Redirect'' feature which is basically the same thing as Apache''s x-sendfile. Perfect! -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---