Monday, August 1, 2011

Re: How control access to static pages that are *not* part of a Django app?

On Mon, Aug 1, 2011 at 1:12 AM, Chris Seberino <cseberino@gmail.com> wrote:
> My Django app only allows someone to access a /books page, that is
> part of the Django app, if they are signed in.
>
> The pages below that URL are just static directory listings of PDFs
> all handled by Apache.
> For example /books/book_1, /books/book_2, etc.
>
> Because these directory listings aren't handled by Django, they don't
> enjoy Django's access controls.  They don't even have a view since
> they are just static pages handled by Apache.
>
> Is there any way to somehow prevent access to them unless someone is
> signed into my Django app?
>
> chris
>


You can look into protecting them with mod_xsendfile for Apache
(X-Accel-Redirect for nginx). Basically, you restrict access to the
directory from Apache so someone cannot naively navigate to that
URL/directory, then set response headers in your Django app. Apache
will then read those response headers and serve the protected file.
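
The approach described in the reply, as an added example that is not part of the original thread: a Django view checks the login state and answers with an `X-Sendfile` header, and Apache (with mod_xsendfile enabled) serves the file. The root path, function names and URL pattern are assumptions; the Django import sits inside the view so the helper functions can be exercised without Django installed.

```python
import os

# Assumed layout (not from the original thread): the PDFs live outside any
# directory Apache serves directly, and the vhost enables mod_xsendfile with
#   XSendFile On
#   XSendFilePath /srv/protected/books
PROTECTED_ROOT = "/srv/protected/books"


def resolve_protected(relpath, root=PROTECTED_ROOT):
    """Map a URL path fragment to an absolute path under root, or None.

    Anything that escapes root after normalisation ("..", absolute paths,
    symlinks) is rejected, so the header can never name an arbitrary file.
    """
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, relpath))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def sendfile_response(is_authenticated, relpath, root=PROTECTED_ROOT):
    """Return (status, headers) for a request to a protected file."""
    if not is_authenticated:
        return 403, {}
    path = resolve_protected(relpath, root)
    if path is None:
        return 404, {}
    # The body stays empty: Apache replaces it with the file named here.
    return 200, {"X-Sendfile": path, "Content-Type": "application/pdf"}


def protected_book(request, relpath):
    """Django view. Assumed URLconf entry:
    path("books/<path:relpath>", protected_book)
    """
    from django.http import HttpResponse  # local import, see lead-in

    status, headers = sendfile_response(request.user.is_authenticated, relpath)
    response = HttpResponse(status=status)
    for name, value in headers.items():
        response[name] = value
    return response
```

mod_xsendfile serves individual files, so each PDF is requested through the view by name; Apache itself answers 404 if the resolved file does not exist.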
