Hi, In a test environment I have a apache front_end server and a apache mod_perl server both are on two physical different machines, plus another machine for the database.
Our production server is one machine running only one instance of apache/mod_perl and another machine for the database. Users can upload documents, set rights as to who can download/update the documents. The documents are kept in a directory outside of the document root. I use Transhandler to rewrite the uri to the correct file location. A http_referer also has to be present for the user to get the file. I want to put all the documents on the front_end which is not running mod_perl (here is a copy from the installation ./configure --prefix=/usr/local/apache --enable-module=ssl --enable-module=rewrite --enable-module=proxy --disable-module=cgi) Then as far as I can see the documents would have to be under documentroot which means anyone can have access to them just by guessing the url. Any ideas how I can have the documents on the front_end and still maintain some level of security. /Scott