httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Watts <>
Subject Re: [users@httpd] Custom authentication?
Date Tue, 04 Jan 2011 11:28:25 GMT
Hash: SHA1

On 01/04/2011 11:19 AM, Oliver Beattie wrote:
> Hi there,
> I am sure this question has likely been asked many times before, I'm
> just having a bit of a hard time finding answers.
> Basically, I need to be able to authenticate downloads based on a URL
> signature if present (passed as a query parameter), instead of via Basic
> authentication (I need to support both of these, but bypass the basic
> auth if no signature is present). It isn't a requirement that they live
> at the same path, so they can be at different virtual hosts/directories
> if necessary. 
> At first, I thought the best way to do this would be just through a
> simple CGI/WSGI/whatever, but the files I am authenticating access to
> are very large (many GB) and I fear there may be a performance
> implication of doing this (and things like Range requests won't be
> possible without extra work).
> Has anyone had any experience with this? What is the best way to
> proceed? Any help anyone could give would be very much appreciated :)
> —Oliver

After authentication, set a cookie with a sensible lifetime (~1 day).
If the cookie is set and valid allow the download, otherwise redirect to
the login page.


- -- 
Mark Watts BSc RHCE
Senior Systems Engineer, MSS Secure Managed Hosting
QinetiQ - Delivering customer-focused solutions
GPG Key:
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message