Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Protecting static files in your web app

Avatar for Max Ludwig Max Ludwig
January 02, 2016
Programming
510
0

Protecting static files in your web app

... in production

https://github.com/dAnjou/xsendfile-example

Avatar for Max Ludwig

Max Ludwig

January 02, 2016

Other Decks in Programming

See All in Programming
過去最大のMCPアップデート! 2026-07-28 RC版の謎に迫る
Avatar for matsukada licux
6
380
そのテスト、説明できますか?~LWテスト戦略FW~のご紹介
Avatar for Kei Nakahara nakahara
0
150
「なぜそう決めたのか」を残し続ける仕組み ― Notion AI カスタムエージェント × Slack連携による設計判断の自動記録 - NIKKEI Tech Talk #47
Avatar for ニフティ株式会社 niftycorp
PRO
0
210
Hunting Vulnerabilities in Symfony with LLMs
Avatar for Vincent Amstoutz vinceamstoutz
0
550
AI時代のUIはどこへ行く?その2!
Avatar for Yusuke Wada yusukebe
22
7.4k
エンジニアと一緒にテストコードの設計と実装を改善した話
Avatar for mototakatsu mototakatsu
0
210
DynamoDBには集計系のクエリがないけどなんとかしたい
Avatar for 村上優稀 musan
1
180
Java × distroless で 軽量なコンテナイメージを / Java on Distroless
Avatar for Daisuke Garaike contour_gara
0
550
ローカルLLMでどこまでコードが書けるか -拡張版 / How much code can be written on a local LLM Extended
Avatar for Naoki Kishida kishida
11
4.3k
代数的データ型って何が嬉しいの? #frontend_phpcon_do
Avatar for Takuma Kajikawa kajitack
8
3.7k
不変条件と整合性境界—ビジネスが決める設計判断と実現パターン / Invariants and Consistency Boundaries
Avatar for nrs nrslib
14
5.7k
The NotImplementedError Problem in Ruby
Avatar for Koichi ITO koic
1
870

Featured

See All Featured
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
3
740
Unsuck your backbone
Avatar for Amy Palamountain ammeep
672
58k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
230
23k
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
1
490
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
1
3.6k
Between Models and Reality
Avatar for mayunak mayunak
4
340
How to audit for AI Accessibility on your Front & Back End
Avatar for davetheseo davetheseo
0
430
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
240
From Legacy to Launchpad: Building Startup-Ready Communities
Avatar for Dug Song dugsong
0
230
Fireside Chat
Avatar for paigeccino paigeccino
42
4k
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
870

Transcript

  1. … in production Protecting static files in your web app

  2. X-Sendfile HTTP header

  3. GET /video.ogv video.ogv web server web app check permissions +

    set header check header + serve file

  4. from django.http import HttpResponse from django.utils.encoding import smart_str def sendfile(request,

    filename, **kwargs): # check requesting user’s permissions response = HttpResponse() response['X-Sendfile'] = smart_str(unicode(filename)) return response django-sendfile/sendfile/backends/xsendfile.py

  5. <VirtualHost *:80> XSendFile On # ... </VirtualHost> /etc/apache2/sites-available/example.de

  6. Apache2: X-Sendfile nginx: X-Accel-Redirect Lighttpd: X-LIGHTTPD-send-file

  7. github.com/dAnjou/xsendfile-example [email protected]