Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

mod_perl handler for file downloads: good call or bad

by Errto (Vicar)
on Jun 20, 2007 at 15:43 UTC ( #622285=perlquestion: print w/ replies, xml ) Need Help??
Errto has asked for the wisdom of the Perl Monks concerning the following question:

I have a web application that consists in part of a collection of static files my users can download. I have my own application logic that needs to control who can download which file. So it occurs to me that I could potentially create a mod_perl handler (maybe Fixup ??) that could intercept the request and accept or reject it - if it's accepted it would simply pass to the ordinary Apache mechanisms for the actual file download.

It also occurs to me that I could write a ContentHandler and do the entire thing myself: send an error code if the user does not have access, or open and write out the file if they do, after adding the appropriate headers (Content-type, Content-disposition etc).

My questions are: is the first approach I outlined even possible? Are there any marked advantages to either approach?

Cheers,

Update: I should point out that I am not using native HTTP authentication here - my notion of "who" is also application-specific.

Comment on mod_perl handler for file downloads: good call or bad
Re: mod_perl handler for file downloads: good call or bad
by Fletch (Chancellor) on Jun 20, 2007 at 16:20 UTC

    Sounds more like you want an authorization handler (PerlAuthzHandler) which passes or forbids access.

Re: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 20, 2007 at 16:37 UTC
    I second Fletch's recommendation of the PerlAuthzHandler.

    You COULD serve the files via mod_perl (using $r->sendfile($filename) ), but apache does it faster, so I would rather get out of the way and let it do its thing.

    Clint

      Sorry for not mentioning this in the OP, but I don't think I can use an Authz handler, because that seems to require using HTTP authentication, whereas I have my own mechanism for dealing with the "who" aspect.
        You can do anything you like in the PerlAuthzHandler, including returning a login page - HTTP authentication is just how apache implements it by default

        Clint

Re: mod_perl handler for file downloads: good call or bad
by perrin (Chancellor) on Jun 20, 2007 at 17:31 UTC
    If the site is popular, make sure you have a reverse proxy. Using mod_perl for large static file downloads will not go well. You can look at things like mod_auth_tkt which let you do the auth check on the proxy after logging in on mod_perl.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://622285]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (6)
As of 2015-07-06 04:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (70 votes), past polls