Secure Downloads

11175 · February 5, 2008, 9:07pm

I need to create a site which has downloadable files in a library. The site will be accessed via username/password login done in the Rails app. However, I need the actual downloadable files to be protected as well.

I'll be running the rails app on a mongrel cluster.

I've looked at using lighttpd as the web/proxy server and the mod_secdownload module which looks nice. However, I'd rather *not* use lighttpd is possible.

Ideally, I'd like to use Apache or nginx as the web/proxy server but the lack a similar mod_secdownload module.

Does anybody have any recommendation on how to achieve protected downloads without lighttpd or reverting to long random URLs (which is not that secure).

Thanks,

~ Mark

Michael_Slater · February 6, 2008, 6:51pm

You can use X-Sendfile with Apache to do this. The apache module is here: tn123.ath.cx is offline

There's a plugin to handle the Rails side at http://john.guen.in/rdoc/x_send_file/

With this approach, your Rails app handles the authentication, and then Apache sends the file when Rails has said it is ok to do so.

Michael Slater www.BuildingWebApps.com

11175 · February 10, 2008, 3:05am

Many thanks Michael. I ended up using nginx's 'X-Accel-Redirect' feature which is basically the same thing as Apache's x-sendfile. Perfect!

Topic		Replies	Views
How do you protect files in RoR rubyonrails-talk	1	168	March 27, 2009
Send a file, is it possible to do something like this? rubyonrails-talk	5	197	May 17, 2008
serving images with send_file performance issue rubyonrails-talk	2	112	March 14, 2007
x-sendfile horrendously slow? rubyonrails-talk	0	144	June 22, 2007
Securing private file area rubyonrails-talk	4	110	June 12, 2007

Secure Downloads

Related topics

More Resources