[TYPO3-dev] TYPO3 session verification on Apache level
Stefan Neufeind
typo3.neufeind at speedpartner.de
Fri Sep 21 12:01:30 CEST 2012
On 09/21/2012 11:34 AM, Bart Dubelaar wrote:
> Hi All,
>
> There are many solutions to secure static file downloads in TYPO3, DAM, FAL,
> naw_securedl, etc. They all operate in the same way, call a PHP script
> instead of the file directly.
[...]
Afaik if you use things like passthru() that shouldn't cause too much
overhead for actually sending the file. It's not like you'd need a
long-running "read one byte, send that out"-loop. But still there is
some overhead.
And if you'd need to support download-resume or the like that even needs
some more logic on the PHP-side. So yes, a webserver-based solution
might be good to have.
I haven't yet tried it with Apache. But your email reminded me there was
a module for lighttpd to create download-links valid for a limited time:
http://redmine.lighttpd.net/projects/1/wiki/Docs_ModSecDownload
Maybe you could also solve it by scripting inside a reverse-proxy in
front (Varnish or so)?
Let's see what others on this list have maybe worked out already.
Interesting topic.
Regards,
Stefan
More information about the TYPO3-dev
mailing list