I am using mod_xsendfile (v0.12) from https://tn123.org/mod_xsendfile/ for everyone static files where Django is controlling use of the files according to customers and permissions.

During my conf file, I've:

XSendFile On XSendFilePath e:/documents/

Order allow,deny Allow all

During my django code, I set the headers like so:

assert(isinstance(filename, FieldFile))

xsendfile = filename.name
if(platform.system() == 'Windows'):
    xsendfile = xsendfile.replace('\\', '/')

response = HttpResponse()
response['X-Sendfile'] = xsendfile
mimetype = mimetypes.guess_type(xsendfile)[0]
response['Content-Type'] = mimetype
response['Content-Length'] = filename.size

As well as in my log file I recieve:

[Fri Oct 22 08:54:22 2010] [error] [client 192.168.20.34] (20023)The given path
was above the root path: xsendfile: unable to find file:
e:/Documents/3/2010-10-20/TestDocument.pdf

Within this version of mod_xsendfile,

XSendFileAllowAbove On

creates the mistake:

Invalid command 'XSendFileAllowAbove', perhaps misspelled or defined by a module
not included in the server configuration

I believed which was simply because they have added the XSendFilePath whitened list. Other people got this to operate?

Don't set a Content-Length yourself. This can only confuse handlers for example mod_wsgi within this situation. mod_xsendfile will itself set the right Content-Length.

On Home windows you mustn't only supply the drive letter, the drive letter should be really in upper-situation (IIRC)!

I've got a working test configuration like so:

<Directory "E:/">
  XSendFile on
  XSendFilePath E:/localhosts
</Directory>

Among my working test scripts in E:/Apache2.2/htdocs/ appears like this:

<?php
  header('X-SendFile: E:/localhosts/archive.tar.bz2');
  header('Content-type: application/octet-stream');
  header('Content-disposition: attachment; filename="blob"');
?>

XSendFileAllowAbove was removed some time back in support of XSendFilePath