Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Protecting static files in your web app

Avatar for Max Ludwig Max Ludwig
January 02, 2016
Programming
0
500

Protecting static files in your web app

... in production

https://github.com/dAnjou/xsendfile-example

Avatar for Max Ludwig

Max Ludwig

January 02, 2016
Tweet

Other Decks in Programming

See All in Programming
副作用をどこに置くか問題:オブジェクト指向で整理する設計判断ツリー
Avatar for Koya Masuda koxya
1
490
16年目のピクシブ百科事典を支える最新の技術基盤 / The Modern Tech Stack Powering Pixiv Encyclopedia in its 16th Year
Avatar for ahu ahuglajbclajep
5
900
公共交通オープンデータ × モバイルUX 複雑な運行情報を 『直感』に変換する技術
Avatar for Tsubasa SEKIGUCHI tinykitten
PRO
0
200
大規模Cloud Native環境におけるFalcoの運用
Avatar for Chihiro Hasegawa owlinux1000
0
250
Unicodeどうしてる? PHPから見たUnicode対応と他言語での対応についてのお伺い
Avatar for てきめん tekimen youkidearitai
PRO
0
850
2年のAppleウォレットパス開発の振り返り
Avatar for muno92 muno92
PRO
0
180
Deno Tunnel を使ってみた話
Avatar for すずとも kamekyame
0
340
フロントエンド開発の勘所 -複数事業を経験して見えた判断軸の違い-
Avatar for Yoichiro Kubo heimusu
7
2.6k
gunshi
Avatar for kazupon kazupon
1
140
CSC307 Lecture 03
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
480
フルサイクルエンジニアリングをAI Agentで全自動化したい 〜構想と現在地〜
Avatar for Kaito Minatoya kamina_zzz
0
370
re:Invent 2025 トレンドからみる製品開発への AI Agent 活用
Avatar for Kohei Yoshikawa yoskoh
0
680

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
65
8.4k
Fireside Chat
Avatar for paigeccino paigeccino
41
3.8k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
181
10k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
191
11k
svc-hook: hooking system calls on ARM64 by binary rewriting
Avatar for Akira Moroo retrage
1
72
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
85
9.4k
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
150
エンジニアに許された特別な時間の終わり
Avatar for watany watany
106
230k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
1
1.5k
Technical Leadership for Architectural Decision Making
Avatar for Kenny Baas-Schwegler baasie
1
220

Transcript

  1. … in production Protecting static files in your web app

  2. X-Sendfile HTTP header

  3. GET /video.ogv video.ogv web server web app check permissions +

    set header check header + serve file

  4. from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,

    filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py

  5. <VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de

  6. Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file

  7. github.com/dAnjou/xsendfile-example [email protected]