I need to serve up large files (> 2gb) from an Apache web server. The files are protected downloads, so I need some kind of way to authorize the user. The CMS I'm using uses cookies checked against a MySQL database to verify the user. On the server, I have no control over max_execution_time, and limited control over memory_limit.
My technique has been working for small files. After the user has been authorized in PHP (by the CMS), I use readfile() to serve the file, which is stored above the document root to prevent direct access. I've read about techniques to chunk the download or to use fpassthru to get around the PHP memory limit. But I haven't found a technique to get around the max_execution_time limit.
I thought about storing the file within the document root, so we could bypass PHP entirely. But what I can't figure out is how to restrict access with htaccess. I need to verify the user against the database before I can serve them the file.
Thanks.
The nicest solution in my opinion: install mod_xsendfile
in your Apache, have the PHP script authorize the user, and on success send a response with an X-Sendfile
header pointing to the location of the protected file. From that point on, Apache does the work of serving the file to the client; not PHP.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With