I wonder if you could do.. headers["X-LIGHTTPD-send-file"] = '/path/to/protected/file'
Within your controller action?? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nathaniel S. H. Brown http://nshb.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Chris Anderson > Sent: December 18, 2005 11:15 PM > To: Portland Ruby Brigade > Subject: Re: [PDX.rb] lighthttpd access control > > Thanks Lennon, > > I just found this page on the lighttpd wiki that suggests > that there is a feature available that would be just perfect > for my needs. > > http://trac.lighttpd.net/trac/wiki/HowToFightDeepLinking > > from php, they say, you just call: > <?php > header("X-LIGHTTPD-send-file: /path/to/protected/file"); ?> > > This sends the file out over the wire, and ignores anything > else generated by the php script. So I'm sure something > similar can be done in Ruby. > > Of course, that is a pretty powerful feature, so fastcgi has > to be configured to allow it: > > fastcgi.server = ( ".php" => (( ..., "allow-x-send-file" => > "enable" )) ) > > Now I just have to figure out how to translate the above into > Ruby and Rails. This shouldn't be hard, but more importantly, > now that I know how it can work, I can build my code around > it, and wait to do the implementing once I have time to > figure out the lighttpd part. > > If I have to continue to use Apache, then I'll give the > mod_ruby docs a good look. > > Chris > > > > On 12/18/05, Lennon Day-Reynolds <[EMAIL PROTECTED]> wrote: > > On 12/18/05, Chris Anderson <[EMAIL PROTECTED]> wrote: > > > I'm trying to build an asset server that allows or denies > access to > > > certain files on a per-user basis. Rails is going to be > the expert > > > on these users and what they are allowed, but the idea of > having the > > > ruby process actually serve the files seems like a big > drain on resources. > > > Is there a way I can have lighthttpd ask Ruby to authenticate > > > particular requests (hopefully based on the session cookie), and > > > based on the results of the authentication, serve a > particular file? > > > Ie, instead of responding with a 403, have it serve a file > > > explaining why access was denied. > > > > I'm not sure if this will really work -- lighttpd is reputed to > > support FastCGI authentication servers, so you could have a Ruby > > process do the auth check, but you're probably going to be > stuck with > > a 403 message if it fails. > > > > > I guess I'm wanting the best of both worlds - a > file-serving process > > > (lighthttpd) to handle moving lots of bits fast, without > troubling > > > the processor too much, coupled with smart access control and > > > logging from Ruby. Maybe there's a best way to do this? > I'm thinking > > > about looking over the ActionCache source for ideas... hmm... it > > > seems to use IO.read, which is not the "bypass Ruby to output the > > > file" method I was hoping for. > > > > Honestly, this kind of close coupling between your static content > > server and application is exactly the reason that mod_ruby (and > > mod_perl, mod_python, etc.) exist -- with the Apache extension API, > > you can plug into any stage of the HTTP transaction. > > > > If you're not averse to learning a bit about the Apache module > > internals, you could probably hack up a mod_ruby based > extension that > > would do this cleanly. > > > > Good luck, > > > > Lennon > > _______________________________________________ > > PDXRuby mailing list > > [email protected] > > IRC: #pdx.rb on irc.freenode.net > > http://lists.pdxruby.org/mailman/listinfo/pdxruby > > > > > -- > Chris Anderson > http://musicfordozens.com/jchris > _______________________________________________ > PDXRuby mailing list > [email protected] > IRC: #pdx.rb on irc.freenode.net > http://lists.pdxruby.org/mailman/listinfo/pdxruby > _______________________________________________ PDXRuby mailing list [email protected] IRC: #pdx.rb on irc.freenode.net http://lists.pdxruby.org/mailman/listinfo/pdxruby
