Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

mod_perl handler for file downloads: good call or bad

by Errto (Vicar)
on Jun 20, 2007 at 15:43 UTC ( #622285=perlquestion: print w/replies, xml ) Need Help??
Errto has asked for the wisdom of the Perl Monks concerning the following question:

I have a web application that consists in part of a collection of static files my users can download. I have my own application logic that needs to control who can download which file. So it occurs to me that I could potentially create a mod_perl handler (maybe Fixup ??) that could intercept the request and accept or reject it - if it's accepted it would simply pass to the ordinary Apache mechanisms for the actual file download.

It also occurs to me that I could write a ContentHandler and do the entire thing myself: send an error code if the user does not have access, or open and write out the file if they do, after adding the appropriate headers (Content-type, Content-disposition etc).

My questions are: is the first approach I outlined even possible? Are there any marked advantages to either approach?


Update: I should point out that I am not using native HTTP authentication here - my notion of "who" is also application-specific.

  • Comment on mod_perl handler for file downloads: good call or bad

Replies are listed 'Best First'.
Re: mod_perl handler for file downloads: good call or bad
by Fletch (Chancellor) on Jun 20, 2007 at 16:20 UTC

    Sounds more like you want an authorization handler (PerlAuthzHandler) which passes or forbids access.

Re: mod_perl handler for file downloads: good call or bad
by perrin (Chancellor) on Jun 20, 2007 at 17:31 UTC
    If the site is popular, make sure you have a reverse proxy. Using mod_perl for large static file downloads will not go well. You can look at things like mod_auth_tkt which let you do the auth check on the proxy after logging in on mod_perl.
Re: mod_perl handler for file downloads: good call or bad
by clinton (Priest) on Jun 20, 2007 at 16:37 UTC
    I second Fletch's recommendation of the PerlAuthzHandler.

    You COULD serve the files via mod_perl (using $r->sendfile($filename) ), but apache does it faster, so I would rather get out of the way and let it do its thing.


      Sorry for not mentioning this in the OP, but I don't think I can use an Authz handler, because that seems to require using HTTP authentication, whereas I have my own mechanism for dealing with the "who" aspect.
        You can do anything you like in the PerlAuthzHandler, including returning a login page - HTTP authentication is just how apache implements it by default


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://622285]
Approved by Corion
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2018-05-27 13:00 GMT
Find Nodes?
    Voting Booth?