Secure Downloads

I need to create a site which has downloadable files in a library. The site will be accessed via username/password login done in the Rails app. However, I need the actual downloadable files to be protected as well.

I'll be running the Rails app on a mongrel cluster.

I've looked at using lighttpd as the web/proxy server and the mod_secdownload module, which looks nice. However, I'd rather *not* use lighttpd if possible.

Ideally, I'd like to use Apache or nginx as the web/proxy server, but they lack a similar mod_secdownload module.

Does anybody have any recommendation on how to achieve protected downloads without lighttpd or reverting to long random URLs (which is not that secure)?

Thanks,

~ Mark

You can use X-Sendfile with Apache to do this. The Apache module is here: tn123.ath.cx is offline

There's a plugin to handle the Rails side at http://john.guen.in/rdoc/x_send_file/

With this approach, your Rails app handles the authentication, and then Apache sends the file when Rails has said it is ok to do so.

Michael Slater www.BuildingWebApps.com

Many thanks Michael. I ended up using nginx's 'X-Accel-Redirect' feature which is basically the same thing as Apache's x-sendfile. Perfect!
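
The hand-off described in the replies above (the app authenticates, then the web server sends the file), as an added example that is not part of the thread: a Rack-style response builder for nginx's X-Accel-Redirect. The names `INTERNAL_PREFIX`, `LIBRARY` and `download_response`, the `/protected/` location and the `/var/library/` path are assumptions for illustration.

```ruby
# Added example, not code from the thread. Assumed nginx side:
#
#   location /protected/ {
#     internal;              # direct client requests to /protected/... are refused
#     alias /var/library/;   # assumed storage directory, outside the public root
#   }
#
# Because the location is "internal", a file is only reachable when the app
# names it in an X-Accel-Redirect response header after its own checks pass.

INTERNAL_PREFIX = "/protected/" # assumed; must match the nginx location above

# Constructed catalogue: the app maps a public id to a stored file name, so
# client input is never concatenated into a filesystem path.
LIBRARY = {
  "1" => "annual-report.pdf",
  "2" => "design-spec.zip"
}.freeze

# Returns a Rack-style [status, headers, body] triple.
# session: hash-like object holding :user_id once the user has logged in.
# file_id: the id taken from the request, e.g. /downloads/1
def download_response(session, file_id)
  unless session && session[:user_id]
    return [401, { "Content-Type" => "text/plain" }, ["login required"]]
  end

  name = LIBRARY[file_id.to_s]
  # Unknown ids, including traversal attempts such as "../../etc/passwd",
  # never reach nginx because they are not keys in the catalogue.
  return [404, { "Content-Type" => "text/plain" }, ["not found"]] unless name

  headers = {
    "Content-Type"        => "application/octet-stream",
    "Content-Disposition" => %(attachment; filename="#{name}"),
    # nginx intercepts this header and streams the file itself, so the
    # mongrel process is free again as soon as it has returned the headers.
    "X-Accel-Redirect"    => INTERNAL_PREFIX + name
  }
  [200, headers, []] # empty body: nginx supplies the file contents
end
```

With Apache's X-Sendfile the same structure applies, except that the header carries a filesystem path rather than an internal URI.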