PerlMonks  

mod_perl handler for file downloads: good call or bad

by Errto (Vicar)
on Jun 20, 2007 at 15:43 UTC (#622285=perlquestion)
Errto has asked for the wisdom of the Perl Monks concerning the following question:

I have a web application that consists in part of a collection of static files my users can download. I have my own application logic that needs to control who can download which file. So it occurs to me that I could potentially create a mod_perl handler (maybe Fixup ??) that could intercept the request and accept or reject it - if it's accepted it would simply pass to the ordinary Apache mechanisms for the actual file download.

It also occurs to me that I could write a ContentHandler and do the entire thing myself: send an error code if the user does not have access, or open and write out the file if they do, after adding the appropriate headers (Content-type, Content-disposition etc).

My questions are: is the first approach I outlined even possible? Are there any marked advantages to either approach?

Cheers,

Update: I should point out that I am not using native HTTP authentication here - my notion of "who" is also application-specific.

Re: mod_perl handler for file downloads: good call or bad
by Fletch (Chancellor) on Jun 20, 2007 at 16:20 UTC

    Sounds more like you want an authorization handler (PerlAuthzHandler) which passes or forbids access.

Re: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 20, 2007 at 16:37 UTC
    I second Fletch's recommendation of the PerlAuthzHandler.

    You COULD serve the files via mod_perl (using $r->sendfile($filename)), but Apache does it faster, so I would rather get out of the way and let it do its thing.

    Clint

      Sorry for not mentioning this in the OP, but I don't think I can use an Authz handler, because that seems to require using HTTP authentication, whereas I have my own mechanism for dealing with the "who" aspect.
        You can do anything you like in the PerlAuthzHandler, including returning a login page - HTTP authentication is just how Apache implements it by default.

        Clint
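
The gate-then-let-Apache-serve approach discussed above, as an added example that is not code from any poster in this thread. It assumes mod_perl 2; the package name, the "sid" cookie and the %SESSION and %ACL tables are hypothetical stand-ins for the application's own "who" and "which file" logic. It is registered for the access phase, which runs without a Require directive; the same may_download() check could be called from a PerlAuthzHandler.

```perl
package My::DownloadGate;    # hypothetical module name
use strict;
use warnings;

# Load the Apache API only inside mod_perl, so the decision logic can
# also be exercised with plain `perl` (self-check at the end).
BEGIN {
    if ( $ENV{MOD_PERL} ) {
        require Apache2::RequestRec;    # $r->uri, $r->headers_in
        require APR::Table;             # hash access on headers_in
        require Apache2::Const;
        Apache2::Const->import( -compile => qw(OK FORBIDDEN) );
    }
}

# Constructed sample data standing in for the application's own session
# store and per-file permissions (assumptions, not from the thread).
my %SESSION = ( 'c0ffee' => 'alice', 'decade' => 'bob' );
my %ACL     = (
    '/files/report.pdf' => { alice => 1 },
    '/files/public.zip' => { alice => 1, bob => 1 },
);

# Fail closed: a missing cookie, unknown session, or file with no ACL
# entry is denied. Keyed on the URI under the protected <Location>.
sub may_download {
    my ( $cookie_header, $uri ) = @_;
    my ($sid) = ( $cookie_header // '' ) =~ /(?:^|;\s*)sid=([0-9a-f]+)(?:;|$)/;
    return 0 unless defined $sid;
    my $user    = $SESSION{$sid} or return 0;
    my $allowed = $ACL{$uri}     or return 0;
    return $allowed->{$user} ? 1 : 0;
}

# httpd.conf (assumed): <Location /files> PerlAccessHandler My::DownloadGate
# Returning OK lets Apache's default handler send the static file itself.
sub handler {
    my $r = shift;
    return may_download( $r->headers_in->{Cookie}, $r->uri )
        ? Apache2::Const::OK()
        : Apache2::Const::FORBIDDEN();
}

unless (caller) {    # plain-perl self-check on the constructed data
    die unless may_download( 'theme=dark; sid=decade', '/files/public.zip' );
    die if may_download( 'sid=decade', '/files/report.pdf' );    # bob: no ACL
    die if may_download( undef,        '/files/public.zip' );    # no cookie
    print "ok\n";
}
1;
```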

Re: mod_perl handler for file downloads: good call or bad
by perrin (Chancellor) on Jun 20, 2007 at 17:31 UTC
    If the site is popular, make sure you have a reverse proxy. Using mod_perl for large static file downloads will not go well. You can look at things like mod_auth_tkt which let you do the auth check on the proxy after logging in on mod_perl.
