0

I have xsendfile module working and files are being served using X-Sendfile header. But somehow files from any folder gets served. How do I rectrict it so that I can use X-sendfile headers only for specific folders? I have tried setting XSendFilePath, even then files outside that folder also get sent if I use X-Sendfile header.

This is what I have in my virtualhost section XSendFile on XSendFilePath /home/domain/public_html/files

If I use php to send files from /home/domain/public_html/abc using X-Sendfile. It gets sent without any problem. I do not want this. I only want X-Sendfile to work for files within /home/domain/public_html/files.

Sheikh Azad
  • 353
  • 2
  • 11

2 Answers2

1

Try with the XSendFilePath directive

XSendFilePath allow you to add additional paths to some kind of white list. All files within these paths are allowed to get served through mod_xsendfile.

Mircea Soaica
  • 2,829
  • 1
  • 14
  • 25
  • In my case all folders seem to be white listed. I am able to serve files from any location using the X_Sendfile header. I do not want this. I want to use this header only for folders i specify. – Sheikh Azad Mar 09 '17 at 17:00
0

It is imporant the the XSendFilePath directive is in a apache config file context that is relevant to the url you are using, e.g. not within a virtual host section which is not interpreted due your actual virtual host (in your url). probably and in most configurations, XSendFilePath is used in the main section of apache config file, not in a specific context like virtual host, dolmain, etc. does this help?

XSendFilePath /tmp
<VirtualHost *>
 ServerName www.someserver.com
 XSendFilePath /home/userxyz
</VirtualHost>

(first occurance of XSendFilePath -> works globally, second occurance does only work if your php script producting the XSendFile header is called from within domain www.someserver.com)

Raffael Meier
  • 189
  • 1
  • 4