9

我正在使用mod_xsendfile (v0.12) 来提供静态文件,其中 Django 根据用户和权限控制对文件的访问。

在我的 conf 文件中,我有:

XSendFile On
XSendFilePath e:/documents/

<Directory e:/Documents>
  Order allow,deny
  Allow from all
</Directory>

在我的 django 代码中,我将标题设置为:

assert(isinstance(filename, FieldFile))

xsendfile = filename.name
if(platform.system() == 'Windows'):
    xsendfile = xsendfile.replace('\\', '/')

response = HttpResponse()
response['X-Sendfile'] = xsendfile
mimetype = mimetypes.guess_type(xsendfile)[0]
response['Content-Type'] = mimetype
response['Content-Length'] = filename.size

在我的日志文件中,我得到:

[Fri Oct 22 08:54:22 2010] [error] [client 192.168.20.34] (20023)The given path
was above the root path: xsendfile: unable to find file:
e:/Documents/3/2010-10-20/TestDocument.pdf

在这个版本中mod_xsendfile

XSendFileAllowAbove On

产生错误:

Invalid command 'XSendFileAllowAbove', perhaps misspelled or defined by a module
not included in the server configuration

我认为那是因为他们添加了XSendFilePath白名单。其他人有这个工作吗?

4

2 回答 2

13

不要自己设置 Content-Length。在这种情况下,这只会混淆诸如 mod_wsgi 之类的处理程序。mod_xsendfile 将自己设置正确的内容长度。

在 Windows 上,您不仅必须提供驱动器号,驱动器号实际上必须是大写 (IIRC)!

我有一个像这样的工作测试配置:

<Directory "E:/">
  XSendFile on
  XSendFilePath E:/localhosts
</Directory>

我在 E:/Apache2.2/htdocs/ 中的一个工作测试脚本如下所示:

<?php
  header('X-SendFile: E:/localhosts/archive.tar.bz2');
  header('Content-type: application/octet-stream');
  header('Content-disposition: attachment; filename="blob"');
?>

XSendFileAllowAbove 不久前被删除,取而代之的是 XSendFilePath

于 2010-10-22T16:52:21.570 回答
3

大多数时候我不得不配置 XSendfile 路径时遇到了很多麻烦。

这是我在 Windows 上测试的几个场景,看看出了什么问题(跳到这篇文章的末尾,看看结论广告建议):

<?php

/* X-SENDFILE
 * This can be a b*tch to configure. So I'm writing various scenarios here so that I can rely on them in the future.
 * Example use: after re-installing XAMPP, after changing config file, in a new script, after some time without using it...
 * Tested on Windows 7 + XAMPP (Apache/2.4.3, PHP/5.4.7) + mod_xsendfile 1.0-P1 for Apache 2.4.x Win32
 */

/** Environment Debug **/
//echo dirname(__FILE__);   die();
//echo $_SERVER['DOCUMENT_ROOT'];   die();

/** The damn fucking path, with comments **/

// Local file in execution directory.
// Tested with: *no* XSendFilePath inside of the Apache config
// Result: works fine.
//header("X-Sendfile: " . 'localfile.zip' );

// Local file in execution directory + relative path
// Tested with: *no* XSendFilePath inside of the Apache config
// Result: works fine.
//header("X-Sendfile: " . '../xsendfile/localfile.zip' );

// Local file in execution directory + absolute pathS
// Tested with: *no* XSendFilePath inside of the Apache config
// Result: works fine and a lot of flexibility on the slash and letter drive format combinations *BUT* case-sensitive
//header("X-Sendfile: " . 'D:\Dropbox\XAMPP\web\tests\Languages\Apache\xsendfile\localfile.zip' );  // works fine
//header("X-Sendfile: " . '\Dropbox\XAMPP\web\tests\Languages\Apache\xsendfile\localfile.zip' );    // works fine
//header("X-Sendfile: " . 'D:/Dropbox/XAMPP/web/tests/Languages/Apache/xsendfile/localfile.zip' );  // works fine
//header("X-Sendfile: " . '/Dropbox/XAMPP/web/tests/Languages/Apache/xsendfile/localfile.zip' );    // works fine
//header("X-Sendfile: " . '/dropbox/XAMPP/web/tests/Languages/Apache/xsendfile/localfile.zip' );    // FAILS (case-sensitive)

// File in the XSendFilePath directory + Absolute path
// Tested with: XSendFilePath D:\Dropbox\XAMPP\web -- Mind the backward slashes
// Result: FAILS! error.log => [Wed Feb 20 19:08:02.617971 2013] [:error] [pid 15096:tid 1768] (20023)The given path was above the root path: [client ::1:56658] xsendfile: unable to find file: D:\\Dropbox\\XAMPP\\web\\xsfile.zip
//header("X-Sendfile: " . 'D:\Dropbox\XAMPP\web\xsfile.zip' );

// File in the XSendFilePath directory + Absolute path
// Tested with: XSendFilePath D:/Dropbox/XAMPP/web <== mind the forward slashes this time
// Result: WORKS! Conclusion: XSendFilePath needs use forward slashes on Windows AND we don't need any trailing slash in it.
header("X-Sendfile: " . 'D:\Dropbox\XAMPP\web\xsfile.zip' );

/** We might wanna test also:
 * - How does backward slashes in both XSendfilePath and the header combine?
 * - The use of subdirectories.
 * /

/** The rest of the headers (until otherwise stated, nothing special) **/
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=\"" . 'blah.zip' . "\"");
header("Content-Transfer-Encoding: binary");
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");

/** Tell the script to stop (so the file download may start) **/
die();


?>

因此,基本上,对于 Windows 上的 X-Sendfile,请确保:

  • 您在 XSendfilePath 的 Apache 配置中使用正斜杠(强制);
  • 尊重您的路径中的情况,即使我们在 Windows 上(强制);
  • 到处使用绝对路径(推荐)
  • XSendfilePath 没有尾部斜杠(推荐)

希望它可以帮助某人!法比安

于 2013-02-20T22:24:03.013 回答