如何限制用户访问HTTP Server上的文件? [英] How to restrict user access the file on the HTTP Server?

问题描述

我正在编写一个Web应用程序，允许用户在应用程序上上传文件.用户单击上传"按钮后，该文件将上传到HTTP Server.用户可以通过从路径获取文件来接收文件....例如: http://www.demo.com/user/abc/download/the_file.jpg

I'm writing a web application that allow user upload their files on the app. The file will be uploaded on the HTTP Server, after the user click the "upload" button. The user can receive the file by getting the file from the path.... ...for example: http://www.demo.com/user/abc/download/the_file.jpg

但是我发现所有人都可以使用该路径访问此文件.我该怎么办，还是有一种更好的方法来管理文件，只有注册用户或文件所有者才能下载该文件?

but I found that all the people can access this file using the path. How can I do, or is there a better way to manage the file that only registered user or the file owner can download the file?

推荐答案

由于性能问题，无法在脚本中直接提供文件服务，并且由于内存限制，实际上无法提供BIG文件.

Serving a file directly within a script is not an option because of performance issues and it's not really possible to serve BIG files because of memory limits.

最好的选择是使用Apache模块 mod_xsendfile .想法是将所有请求重定向到 PHP/Perl/Python脚本将只设置一个HTTP标头，上面写着"Apache，请改为提供此文件"，而mod_xsendfile将负责该文件.

The best option is to use the Apache module mod_xsendfile. The idea is to redirect all requests to a PHP/Perl/Python script which will just set a HTTP header saying "Hey Apache, serve this file instead" and mod_xsendfile will take care of it.

如果没有此身份验证，客户端将永远无法下载文件.

And the client will never be able to download the file without this authentication.

这篇关于如何限制用户访问HTTP Server上的文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！