Secure Downloads

Rails
1

I need to create a site which has downloadable files in a library. The
site will be accessed via username/password login done in the Rails app.
However, I need the actual downloadable files to be protected as well.

I’ll be running the rails app on a mongrel cluster.

I’ve looked at using lighttpd as the web/proxy server and the
mod_secdownload module which looks nice. However, I’d rather not use
lighttpd is possible.

Ideally, I’d like to use Apache or nginx as the web/proxy server but the
lack a similar mod_secdownload module.

Does anybody have any recommendation on how to achieve protected
downloads without lighttpd or reverting to long random URLs (which is
not that secure).

Thanks,

~ Mark

2

You can use X-Sendfile with Apache to do this. The apache module is
here: tn123.ath.cx is offline

There’s a plugin to handle the Rails side at
http://john.guen.in/rdoc/x_send_file/

With this approach, your Rails app handles the authentication, and
then Apache sends the file when Rails has said it is ok to do so.

Michael S.
www.BuildingWebApps.com

On Feb 5, 1:07 pm, Mark D. [email protected]

3

Many thanks Michael. I ended up using nginx’s ‘X-Accel-Redirect’ feature
which is basically the same thing as Apache’s x-sendfile. Perfect!