Discussion in 'Ruby/Rails' started by thijs, Mar 4, 2007.

  1. thijs

    thijs Member

    I would like to start using the sendfile feature in Litespeed to serve files that are selected from the filesystem by my Rails app.

    I had a look at the sendfile gem but it's not obvious to me how this could be used with Litespeed. Is there anybody that has tried this?
  2. mistwang

    mistwang LiteSpeed Staff

  3. thijs

    thijs Member

    Thanks, I know about that.

    That solution feels to much like security through obscurity to me. I don't feel comfortable putting those files on a publicly accessible location. And somebody could download every single file if the secret location would leak.

    Or is there a way to close off the file location?
  4. mistwang

    mistwang LiteSpeed Staff

    To block direct access to a directory, just add a rewrite rule at vhost level like

    RewriteCond %{REQUEST_URI} ^/blocked/uri/
    RewriteRule ^/blocked/uri/ - [R=403,F]

    REQUEST_URI is the same as the current URI when accessing the file directly, however, when a request was internally redirected, Current URI is the "/blocked/uri/", while REQUEST_URI is the URI in the original request header.

Share This Page