I was wondering if i could implement some type of authentification to
disallow the downloading of certain files…
What i’m trying to do is implement a downloading system based on user
accounts…something like Rapidshare…but just the basic : ask for the
user pass before downloading…
it would be nice if i could implement this through a PHP or page
but i don’t want to serve with PHP …through headers, because then nginx
won’t take over the serving of the files, and resume won’t be available,
of course the performance will be affeceted very badly
Thank you for your replies
Cris
Posted at Nginx Forum:
Your looking for something like
http://wiki.nginx.org/NginxXSendfile
Just have your php script do the auth and have it send the X-Accel-
Redirect header and nginx will serve the file.
Rob
Sent from my iPhone
Yes that’s exactly what i found meanwhile, but i’ve seen your post as
well, accurate of course. Thank you so much for your reply…
I’ve implemented a proxy pass to query the main server, a php that
checks everything…then xforwards to the downloading server…it’s
amazing…simply transparent, and works like a charm…
i’ve even implemented expiring links and such…
My concern was that i would of see the Xforward thing on the headers,
but i’ve sniffed the headers on client side and you can’t see nothing 
that’s why it’s the best solution ever…
and of course the files on the webserver are not public, they are marked
as internal , so normal clients can’t have access unless it’s forwarded
from the php script
Great Stuff… i’ve seen that apache does it as well with a custom
module…
Posted at Nginx Forum:
On Sat, Oct 31, 2009 at 3:36 PM, Rob S. [email protected]
wrote:
Just have your php script do the auth and have it send the X-Accel-Redirect
header and nginx will serve the file.
Well, the sad part of this approach is that if the
PHP/Python/Perl/whatever script requires TCP I/O itself (no matter
it’s memcached or an RDBMS or upstream web service queries), it will
block the process running the script (although the nginx worker
process itself won’t block if fastcgi is used here).
So we’re pondering extending the idea of X-Accel-Redirect and makes it
possible to pass along “continuations” so that the backend script can
effectively issue nginx subrequests and let nginx do all the I/O
operations involved in its own event model. It’s very likely to get
better concurrency over all
Cheers,
-agentzh
Yes well good luck with that, i know it’s a lot more dificult to work
with async processes then sync like this one.
Meanwhile i successfully added the X-Accel-Redirect to my web server and
php and it works great… we will see how it behaves in the future where
hopefully i will have thousands of users downloading their files
I have setup a LVS cluster in anycase , so i will use different servers
for downloading… so the performance won’t affect me very much as i will
increase the numbers of servers if the % of processor usage comes down
to a max.
Is there any other way to measure the webserver usage??
Posted at Nginx Forum:
is this 100% undetectable by the way? i haven’t read any security
reports about XFORWARD
Posted at Nginx Forum: