Hi,

In a test environment I have a apache front_end server and a
apache mod_perl server both are on two physical different machines, plus
another machine for the database.

Our production server is one machine running only one instance of
apache/mod_perl and another machine for the database.

Users can upload documents, set rights as to who can download/update the
documents. The documents are kept in a directory outside of the document
root. I use Transhandler to rewrite the uri to the correct file location.
A http_referer also has to be present for the user to get the file.


I want to put all the documents on the front_end which is not running
mod_perl (here is a copy from the installation ./configure
--prefix=/usr/local/apache --enable-module=ssl --enable-module=rewrite
--enable-module=proxy --disable-module=cgi)

Then as far as I can see the documents would have to be under documentroot
which means anyone can have access to them just by guessing the url.

Any ideas how I can have the documents on the front_end and still maintain
some level of security.

/Scott

Reply via email to