I am creating a site where registered customers can upload files. Those files are then offered via Apache. Only customers who are logged in should be able to access those files.

I've read this site, however it appears that people would need to sign in two times to gain access to both the site and the media, every time using a different sort of login box.

Is there a way around this, or is there another method to limit access to static media offered by Apache while using the Django authentication database?

I am using mod_python.

EDIT: The way I wound up fixing this after reading through Van Gale's answer and this:

  1. Switched to WSGI.
  2. Installed mod_xsendfile
  3. Moved all public media files into a subfolder in /media/public
  4. Added access to the public folder using an Alias /media/public /var/www.../media/public
  5. Added WSGIScriptAlias /media/protected/ /var/www.../apache/django.wsgi (same handler as for the rest of the site)
  6. Added XSendFile On and XSendFileAllowAbove On
  7. To the Django application I added a urlconf for /media/protected which does essentially what's here, only modified for my authentication system. It handles URLs such as /media/protected/GROUP_ID/file so that only people from the GROUP can download the files.

The typical method of doing this is to pass back a unique header to the web server.

It can be done with nginx using x-accel-redirect, as in this Django snippet.

For Apache, it ought to be pretty similar using the mod_xsendfile module (discussion and good examples on the Django users mailing list).
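The check behind step 7 of the question and the header hand-off described in the answer above, as an added example that is not code from either post. With XSendFileAllowAbove On the header may name files outside the request's directory, so the view has to confine the path itself; the function names, the `user` dict and the directory layout are assumptions, and a Django view would copy the returned header onto an empty HttpResponse.

```python
import os
import tempfile


def resolve_protected_file(root, gid, filename):
    """Absolute path of root/<gid>/<filename>, or None if the name escapes
    that group's directory or is not a regular file."""
    group_dir = os.path.realpath(os.path.join(root, str(gid)))
    candidate = os.path.realpath(os.path.join(group_dir, filename))
    # realpath collapses ".." and follows symlinks, so comparing the results
    # rejects traversal and links that point outside the group directory.
    if os.path.commonpath([group_dir, candidate]) != group_dir:
        return None
    return candidate if os.path.isfile(candidate) else None


def protected_media_response(user, group_id, filename, root):
    """(status, headers) for a /media/protected/GROUP_ID/file request.
    `user` is a stand-in dict: {"authenticated": bool, "groups": set of int}."""
    if not user.get("authenticated"):
        return 403, {}
    try:
        gid = int(group_id)
    except (TypeError, ValueError):
        return 404, {}
    if gid not in user.get("groups", ()):
        return 403, {}
    path = resolve_protected_file(root, gid, filename)
    if path is None:
        return 404, {}
    # Body stays empty: mod_xsendfile serves the file named in this header.
    return 200, {"X-Sendfile": path}


if __name__ == "__main__":
    # Constructed sample tree: <tmp>/7/report.txt and <tmp>/8/secret.txt
    root = tempfile.mkdtemp()
    for gid, name in ((7, "report.txt"), (8, "secret.txt")):
        os.makedirs(os.path.join(root, str(gid)))
        with open(os.path.join(root, str(gid), name), "w") as fh:
            fh.write("constructed sample\n")
    alice = {"authenticated": True, "groups": {7}}
    for gid, name in (("7", "report.txt"), ("8", "secret.txt"),
                      ("7", "../8/secret.txt")):
        print(gid, name, protected_media_response(alice, gid, name, root))
```
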

If you have the freedom to change from Apache to lighttpd, then the simplest solution is to use mod_secdownload, which may do just what you would like, that is, provide application authentication while serving the actual files via the web server.

However, if you're tied to Apache, then I suggest mod_auth_token; here they mention PHP, but you can get the token in Python or another language. Using mod_auth_token you'll be able to create the token in your application, and then have the web server serve the static file using that token.