Secure static media access in a Django site
Problem description
I'm building a site where registered users can upload files. Those files are then served via Apache. Only users who are logged in should be able to access those files.
I have read this page but it seems that people would have to log in twice to access both the site and the media, each time using a different type of login box.
Is there a way around this or is there some other way to limit access to static media served by Apache using the Django authentication database?
I'm using mod_python.
EDIT: How I ended up solving this after reading Van Gale's answer and this:
- Switched to WSGI.
- Installed mod_xsendfile
- Moved all public media files into a subfolder in /media/public
- Added access to the public folder using an Alias /media/public /var/www.../media/public
- Added WSGIScriptAlias /media/protected/ /var/www.../apache/django.wsgi (same handler as for the rest of the site)
- Added XSendFile On and XSendFileAllowAbove On
- To the Django app I added a urlconf for /media/protected which does basically what's here, only modified for my authentication system. It handles URLs such as /media/protected/GROUP_ID/file so that only members of the GROUP can download the files.
The usual way to do this is to pass back a special header to the web server.
You can do it with nginx using x-accel-redirect as in this Django snippet.
For Apache, it should be pretty similar using the mod_xsendfile module (discussion and examples on Django users mailing list).
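An added example, not part of the original question or answer: the authorization decision behind a /media/protected/GROUP_ID/file URL, returning the header that tells Apache (X-Sendfile) or nginx (X-Accel-Redirect) to stream the file. The filesystem root, internal location prefix, login URL and function names are assumptions; the path checks matter because the header value is trusted by the web server.

```python
import re
from pathlib import PurePosixPath

# Assumed locations (not from the original post).
PROTECTED_ROOT = "/var/www/example/media/protected"   # Apache: filesystem path
INTERNAL_PREFIX = "/protected-internal"               # nginx: `internal` location
LOGIN_URL = "/accounts/login/"


def safe_relative_path(group_id, filename):
    """Return 'GROUP_ID/file' for a well-formed request, else None."""
    if not re.fullmatch(r"[0-9]+", group_id):
        return None
    if not filename or filename.startswith("/") or "\\" in filename or "\x00" in filename:
        return None
    parts = PurePosixPath(filename).parts
    if not parts or ".." in parts:          # refuse traversal out of the group folder
        return None
    return "/".join((group_id,) + parts)


def protected_media_response(is_authenticated, user_group_ids, group_id, filename,
                             server="apache"):
    """Decide a /media/protected/GROUP_ID/file request.

    Returns (status, headers); the body is always empty because the web
    server, not Django, streams the file when it sees the header.
    """
    if not is_authenticated:
        return 302, {"Location": LOGIN_URL}
    rel = safe_relative_path(group_id, filename)
    if rel is None:
        return 404, {}
    if int(group_id) not in user_group_ids:  # only members of the group may download
        return 403, {}
    if server == "nginx":
        return 200, {"X-Accel-Redirect": f"{INTERNAL_PREFIX}/{rel}"}
    return 200, {"X-Sendfile": f"{PROTECTED_ROOT}/{rel}"}
```

In a Django view, the first two arguments would come from request.user and the returned headers would be set on an empty HttpResponse.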