Jonathan

Reputation: 3534

Securing Apache with Django authentication

I have an ImageField in one of my Django models. Each of these images has a user (or group of users) who has access to it; no other users should be able to see it.

The ImageField stores the image file in the media root. Any web request for that image (via the image path) bypasses Django and gets served directly by Apache.

How do I ensure that only the users that are authorized to request the images can actually get them?

Upvotes: 0

Views: 111

Answers (1)

Mohammad Efazati

Reputation: 4920

Add a new view to serve the image, and store the image in another path that Apache can't serve.

Now, in the new view, check the user's group and serve the image; if it is not your user, send a 403.

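import os
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse, HttpResponseForbidden

@login_required
def serve_file(request, context):
    # user_can_access is a hypothetical placeholder for your own per-file check
    if user_can_access(request.user, context):
        filename = "/var/www/myfile.xyz"  # a path Apache does not serve directly
        # content_type replaces the mimetype argument removed in Django 1.7
        response = HttpResponse(content_type='application/force-download')
        # Send only the base name to the client, not the server-side path
        response['Content-Disposition'] = 'attachment; filename="%s"' % os.path.basename(filename)
        # mod_xsendfile makes Apache stream the file named in this header
        response["X-Sendfile"] = filename
        response['Content-Length'] = os.stat(filename).st_size
        return response
    return HttpResponseForbidden()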

Upvotes: 2
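
The check-then-X-Sendfile flow from the answer above, as an added framework-independent example (not code from the original post) that a Django view could call. It goes one step beyond the answer by confining the requested name to the protected directory before it reaches the `X-Sendfile` header. `PROTECTED_ROOT`, `IMAGE_ACL` and both function names are assumptions, and the ACL entries are constructed sample data.

```python
import os

# Assumed layout: protected images live outside any directory Apache serves.
PROTECTED_ROOT = "/srv/protected_media"  # hypothetical path

# Constructed sample data: image name -> groups allowed to view it.
IMAGE_ACL = {
    "reports/q1.png": {"finance"},
    "team/photo.jpg": {"finance", "staff"},
}


def resolve_protected_path(name, root=PROTECTED_ROOT):
    """Return the absolute path for name, or None if it escapes root."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, name))
    # Rejects "../" sequences, absolute names and symlinks pointing outside root.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def sendfile_decision(user_groups, name, acl=IMAGE_ACL, root=PROTECTED_ROOT):
    """Return (status, headers) for the view to turn into its HTTP response."""
    path = resolve_protected_path(name, root)
    allowed = acl.get(name)
    # Unknown names and escaping paths get the same 403 as a denied user,
    # so the response does not reveal which files exist.
    if path is None or allowed is None or not (set(user_groups) & allowed):
        return 403, {}
    headers = {
        # Apache with mod_xsendfile streams the file body named here.
        "X-Sendfile": path,
        "Content-Disposition": 'attachment; filename="%s"' % os.path.basename(path),
    }
    return 200, headers
```

In the view, a 403 result maps to `HttpResponseForbidden()` and a 200 result to an empty `HttpResponse` carrying the returned headers.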
