在PHP/Apache中提供大型受保护的文件 [英] Serving Large Protected Files in PHP/Apache

问题描述

我需要从Apache Web服务器提供大文件(> 2GB).这些文件是受保护的下载，因此我需要某种方式来授权用户.我正在使用的CMS使用针对MySQL数据库检查的cookie来验证用户.在服务器上，我无法控制max_execution_time，也无法控制memory_limit.

I need to serve up large files (> 2gb) from an Apache web server. The files are protected downloads, so I need some kind of way to authorize the user. The CMS I'm using uses cookies checked against a MySQL database to verify the user. On the server, I have no control over max_execution_time, and limited control over memory_limit.

我的技术一直在处理小型文件.在PHP中(由CMS)授权用户后，我使用readfile()提供文件，该文件存储在文档根目录上方，以防止直接访问.我已经阅读了有关对下载进行分块或使用fpassthru来解决PHP内存限制的技术.但是我还没有找到一种可以克服max_execution_time限制的技术.

My technique has been working for small files. After the user has been authorized in PHP (by the CMS), I use readfile() to serve the file, which is stored above the document root to prevent direct access. I've read about techniques to chunk the download or to use fpassthru to get around the PHP memory limit. But I haven't found a technique to get around the max_execution_time limit.

我考虑过将文件存储在文档根目录中，因此我们可以完全绕过PHP.但是我不知道的是如何使用htaccess限制访问.我需要先针对数据库验证用户，然后才能为他们提供文件.

I thought about storing the file within the document root, so we could bypass PHP entirely. But what I can't figure out is how to restrict access with htaccess. I need to verify the user against the database before I can serve them the file.

谢谢.

推荐答案

我认为最好的解决方案:安装在Apache中mod_xsendfile ，让PHP脚本授权用户，并成功发送带有X-Sendfile标头的响应，该标头指向受保护文件的位置.从那时起，Apache便完成了将文件提供给客户端的工作.不是PHP.

The nicest solution in my opinion: install mod_xsendfile in your Apache, have the PHP script authorize the user, and on success send a response with an X-Sendfile header pointing to the location of the protected file. From that point on, Apache does the work of serving the file to the client; not PHP.

这篇关于在PHP/Apache中提供大型受保护的文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！