X-Sendfile stuff works really well. I use a little wrapper function
when I want to serve a static file with permissions, and still be able
to use the debug server. First, makes sure they have access, then
returh this with the file pathname.
def serve_static(fpath):
if web.config.debug:
with open(fpath) as f:
return f.read()
else: # Let lighttpd serve this
web.header('X-Sendfile', fpath)
return ''
Also as a heads up: older versions of lighttpd are case sensitive with
that header, so copy the case I used. It will still serve the file,
but it won't strip out the header when it sends the file -- not a huge
deal, but certainly a security concern (at the very least it shows
anyone curious where you've put files on disk).
On Oct 7, 6:09 am, Anand Chitipothu <[email protected]> wrote:
> On Wed, Oct 7, 2009 at 2:02 PM, max <[email protected]> wrote:
>
> > hi,
> > i have a question regarding webpys built-in static-dir delivery-
> > mechanisms. It works very well / very fast, compared to a script-based
> > delivery like the one below.
> > now, i want to combine the speed of the static-dir delivery with an
> > authentication mechanism that tests for the correct user before
> > serving a file.
> > how would you do that?
>
> The static dir is meant only for development. Which is typically
> replaced with a lighttpd/apache rewrite rule in production. If you are
> using lighttpd, then you may want to use X-LIGHTTPD-send-file header
> to serve files after authentication.
>
> http://redmine.lighttpd.net/projects/1/wiki/X-LIGHTTPD-send-file
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web.py" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~----------~----~----~----~------~----~------~--~---
