Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Protecting static files from non logged in users in Django

I have an existing site with a number of documents being served staticly. Client wants to add login protection to the site - not a problem using django_auth. However, the files being served from apache are still downloadable?

Is there a way to restrict access?

Ideally, this would require the path to these docs not changing on the site.

Was thinking of removing the alias from the apache config and having that route to a view that has the @login_required decorator on it, and then forwarding on.

like image 778
picus Avatar asked Apr 27 '11 20:04

picus


1 Answers

See Having Django serve downloadable files on how to set up Django to work with Apache X-Sendfile. You can wrap the X-Sendfile header sending with some authentication checks and you should be good to go.

like image 118
photoionized Avatar answered Oct 08 '22 15:10

photoionized